Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
Improper Access Control in lunary-ai/lunary
CVE-2024-10330
Description
In lunary-ai/lunary version 1.5.6, the /v1/evaluators/ endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.