Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 11:15 a.m.8 views

CVE-2024-8765

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS6.9AI score0.0078EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-8765

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS0.0078EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:15 a.m.8 views

CVE-2024-8765

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS7.1AI score0.0078EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS0.0078EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:10 a.m.48 views

CVE-2024-8765

CVE-2024-8765 affects lunary-ai/lunary (git afc5df4). The privilege check logic erroneously marks endpoints as public if the path contains "/auth/" anywhere, allowing unauthenticated attackers to access sensitive endpoints and potentially obtain/modify data or leverage resources across organizati...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder