Description

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is fixed in version 1.4.26.

INFO

Published Date :

2025-03-20T10:08:51.051Z

Last Modified :

2025-10-15T12:49:59.295Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8999 vulnerability.

Vendors Products
Lunary
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8999.

URL Resource
https://github.com/lunary-ai/lunary/commit/aa0fd22952d1d84a717ae563eb1ab564d94a9e2b cve-icon cve-icon
https://huntr.com/bounties/d42b7a44-0dcb-4ef0-b15c-d0e558da65c6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact