Description

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This vulnerability allows low-privilege users to delete evaluators data, causing permanent data loss and potentially hindering operations.

INFO

Published Date :

2025-03-20T10:09:35.139Z

Last Modified :

2025-03-20T18:37:15.812Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-10762 vulnerability.

Vendors Products
Lunary
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10762.

URL Resource
https://github.com/lunary-ai/lunary/commit/91587496673da24cb7ddedfbbd6e602592b20ef6 cve-icon cve-icon
https://huntr.com/bounties/23ab508e-d956-4861-b28f-0569d3b404a6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact