6 matches found
CVE-2024-8765
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765
CVE-2024-8765 affects lunary-ai/lunary (git afc5df4). The privilege check logic erroneously marks endpoints as public if the path contains "/auth/" anywhere, allowing unauthenticated attackers to access sensitive endpoints and potentially obtain/modify data or leverage resources across organizati...