{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11300", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-11-16T09:15:59.924Z", "datePublished": "2025-03-20T10:11:19.503Z", "dateUpdated": "2025-10-15T12:49:29.238Z"}, "containers": {"cna": {"title": "Improper Access Control in lunary-ai/lunary", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:49:29.238Z"}, "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 and the main branch. The vulnerability allows unauthorized users to view sensitive prompt data by accessing specific URLs, leading to potential exposure of critical information."}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"version": "unspecified", "lessThan": "1.6.3", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4"}, {"url": "https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639"}]}], "source": {"advisory": "8dca7994-0d92-491e-a419-02adfe23ffa4", "discovery": "EXTERNAL"}}, "adp": [{"references": [{"url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T14:24:14.316127Z", "id": "CVE-2024-11300", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T14:24:38.973Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11300", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-20T14:24:14.316127Z"}}}], "references": [{"url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T14:24:31.344Z"}}], "cna": {"title": "Improper Access Control in lunary-ai/lunary", "source": {"advisory": "8dca7994-0d92-491e-a419-02adfe23ffa4", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.6.3", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4"}, {"url": "https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd"}], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 and the main branch. The vulnerability allows unauthorized users to view sensitive prompt data by accessing specific URLs, leading to potential exposure of critical information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:49:29.238Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11300", "state": "PUBLISHED", "dateUpdated": "2025-10-15T12:49:29.238Z", "dateReserved": "2024-11-16T09:15:59.924Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:11:19.503Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E98F12-737E-4F73-B80A-71F7DA277455", "versionEndExcluding": "1.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 and the main branch. The vulnerability allows unauthorized users to view sensitive prompt data by accessing specific URLs, leading to potential exposure of critical information."}, {"lang": "es", "value": "En lunary-ai/lunary, versiones anteriores a la 1.6.3, existe una vulnerabilidad de control de acceso indebido que permite a un usuario acceder a los datos de los avisos de otro usuario. Este problema afecta a la versi\u00f3n 1.6.2 y a la rama principal. Esta vulnerabilidad permite a usuarios no autorizados acceder a datos confidenciales de los avisos mediante URL espec\u00edficas, lo que podr\u00eda exponer informaci\u00f3n cr\u00edtica."}], "id": "CVE-2024-11300", "lastModified": "2025-10-15T13:15:39.293", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-20T10:15:24.777", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd"}, {"source": "security@huntr.dev", "tags": ["Exploit"], "url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}