Описание
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is fixed in version 1.4.26.
Ссылки
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.26 (исключая)
cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00112
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-862
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.8
github
11 месяцев назад
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is fixed in version 1.4.26.
EPSS
Процентиль: 30%
0.00112
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-862
NVD-CWE-noinfo