3 matches found
CVE-2024-10330
In lunary-ai/lunary version 1.5.6, the /v1/evaluators/ endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data...
CVE-2024-10330
CVE-2024-10330 concerns lunary-ai/lunary v1.5.6 where the /v1/evaluators/ endpoint has improper access control. The documents state that any user associated with a project can fetch all evaluator data regardless of role, enabling low-privilege users to access potentially sensitive evaluation data...
CVE-2024-10330 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.5.6, the /v1/evaluators/ endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data...