Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
Broken Access Control in lunary-ai/lunary
CVE-2024-10272
Description
lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET request to the /v1/datasets endpoint without a valid authorization token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.