CVE-2024-8765

CVSS Severity: Low
Published: Mar 20, 2025
Last Modified: Jul 02, 2025

Vulnerability Description

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication.
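
The flawed check described above, next to a fail-closed alternative. This is an added example, not code from the lunary project: the route list, paths and function names are hypothetical, and the sample requests are constructed.

```javascript
// Added illustration. Route names and function names are hypothetical,
// not taken from the lunary code base.

// Endpoints that really are meant to be reachable without a session.
const PUBLIC_ROUTES = new Set(["POST /auth/login", "POST /auth/signup"]);

// Flawed pattern from the description: "/auth/" anywhere in the URL
// marks the request as public, so the authentication step is skipped.
function isPublicFlawed(method, url) {
  return url.includes("/auth/");
}

// Hardened pattern: drop the query string and trailing slashes, then
// require an exact method + path match. Anything else fails closed
// (it is not rejected, it simply has to authenticate).
function isPublicStrict(method, url) {
  const path = url.split("?")[0].replace(/\/+$/, "") || "/";
  return PUBLIC_ROUTES.has(`${method.toUpperCase()} ${path}`);
}

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = [
  ["POST", "/auth/login"],
  ["POST", "/auth/login/?next=%2F"],
  ["GET", "/api/widgets"],
  ["GET", "/api/widgets/auth/"],
  ["PATCH", "/api/users/auth/settings?x=1"],
];

// Requests the flawed check treats as public but the strict check
// would send through authentication.
function findDivergences(requests) {
  return requests
    .filter(([m, u]) => isPublicFlawed(m, u) && !isPublicStrict(m, u))
    .map(([m, u]) => `${m} ${u}`);
}

console.log(findDivergences(SAMPLE_REQUESTS));
```

Run over the method and path fields of access logs, the same comparison lists requests that a substring-based check would have treated as public even though they target non-public routes.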

Known Affected Software

84 configuration(s) from 1 vendor(s)

Product  Version  CPE
lunary   1.2.22   cpe:2.3:a:lunary:lunary:1.2.22:*:*:*:*:*:*:*
lunary   0.3.1    cpe:2.3:a:lunary:lunary:0.3.1:*:*:*:*:*:*:*
lunary   1.2.19   cpe:2.3:a:lunary:lunary:1.2.19:*:*:*:*:*:*:*
lunary   1.3.4    cpe:2.3:a:lunary:lunary:1.3.4:-:*:*:*:*:*:*
lunary   1.3.7    cpe:2.3:a:lunary:lunary:1.3.7:*:*:*:*:*:*:*
lunary   1.2.15   cpe:2.3:a:lunary:lunary:1.2.15:*:*:*:*:*:*:*
lunary   1.4.10   cpe:2.3:a:lunary:lunary:1.4.10:*:*:*:*:*:*:*
lunary   1.2.30   cpe:2.3:a:lunary:lunary:1.2.30:*:*:*:*:*:*:*
lunary   1.2.28   cpe:2.3:a:lunary:lunary:1.2.28:*:*:*:*:*:*:*
lunary   1.4.4    cpe:2.3:a:lunary:lunary:1.4.4:*:*:*:*:*:*:*
lunary   0.2.1    cpe:2.3:a:lunary:lunary:0.2.1:*:*:*:*:*:*:*
lunary   1.3.3    cpe:2.3:a:lunary:lunary:1.3.3:*:*:*:*:*:*:*
lunary   1.2.0    cpe:2.3:a:lunary:lunary:1.2.0:*:*:*:*:*:*:*
lunary   0.1.3    cpe:2.3:a:lunary:lunary:0.1.3:*:*:*:*:*:*:*
lunary   1.2.29   cpe:2.3:a:lunary:lunary:1.2.29:*:*:*:*:*:*:*
lunary   1.2.7    cpe:2.3:a:lunary:lunary:1.2.7:*:*:*:*:*:*:*
lunary   1.2.23   cpe:2.3:a:lunary:lunary:1.2.23:*:*:*:*:*:*:*
lunary   1.2.2    cpe:2.3:a:lunary:lunary:1.2.2:*:*:*:*:*:*:*
lunary   1.2.5    cpe:2.3:a:lunary:lunary:1.2.5:*:*:*:*:*:*:*
lunary   1.2.9    cpe:2.3:a:lunary:lunary:1.2.9:*:*:*:*:*:*:*
lunary   1.3.10   cpe:2.3:a:lunary:lunary:1.3.10:*:*:*:*:*:*:*
lunary   1.3.6    cpe:2.3:a:lunary:lunary:1.3.6:*:*:*:*:*:*:*
lunary   0.1.0    cpe:2.3:a:lunary:lunary:0.1.0:*:*:*:*:*:*:*
lunary   1.4.19   cpe:2.3:a:lunary:lunary:1.4.19:*:*:*:*:*:*:*
lunary   1.2.13   cpe:2.3:a:lunary:lunary:1.2.13:*:*:*:*:*:*:*
lunary   1.4.12   cpe:2.3:a:lunary:lunary:1.4.12:*:*:*:*:*:*:*
lunary   0.1.5    cpe:2.3:a:lunary:lunary:0.1.5:*:*:*:*:*:*:*
lunary   1.0.2    cpe:2.3:a:lunary:lunary:1.0.2:*:*:*:*:*:*:*
lunary   1.2.17   cpe:2.3:a:lunary:lunary:1.2.17:*:*:*:*:*:*:*
lunary   1.4.15   cpe:2.3:a:lunary:lunary:1.4.15:*:*:*:*:*:*:*
lunary   1.4.22   cpe:2.3:a:lunary:lunary:1.4.22:*:*:*:*:*:*:*
lunary   0.1.4    cpe:2.3:a:lunary:lunary:0.1.4:*:*:*:*:*:*:*
lunary   1.3.2    cpe:2.3:a:lunary:lunary:1.3.2:*:*:*:*:*:*:*
lunary   1.2.11   cpe:2.3:a:lunary:lunary:1.2.11:*:*:*:*:*:*:*
lunary   1.2.34   cpe:2.3:a:lunary:lunary:1.2.34:*:*:*:*:*:*:*
lunary   1.1.0    cpe:2.3:a:lunary:lunary:1.1.0:*:*:*:*:*:*:*
lunary   1.0.0    cpe:2.3:a:lunary:lunary:1.0.0:*:*:*:*:*:*:*
lunary   1.4.8    cpe:2.3:a:lunary:lunary:1.4.8:*:*:*:*:*:*:*
lunary   1.2.20   cpe:2.3:a:lunary:lunary:1.2.20:*:*:*:*:*:*:*
lunary   1.2.27   cpe:2.3:a:lunary:lunary:1.2.27:*:*:*:*:*:*:*
lunary   1.4.5    cpe:2.3:a:lunary:lunary:1.4.5:*:*:*:*:*:*:*
lunary   1.0.1    cpe:2.3:a:lunary:lunary:1.0.1:*:*:*:*:*:*:*
lunary   1.3.8    cpe:2.3:a:lunary:lunary:1.3.8:*:*:*:*:*:*:*
lunary   0.2.0    cpe:2.3:a:lunary:lunary:0.2.0:*:*:*:*:*:*:*
lunary   1.4.13   cpe:2.3:a:lunary:lunary:1.4.13:*:*:*:*:*:*:*
lunary   1.2.10   cpe:2.3:a:lunary:lunary:1.2.10:*:*:*:*:*:*:*
lunary   1.4.18   cpe:2.3:a:lunary:lunary:1.4.18:*:*:*:*:*:*:*
lunary   0.1.1    cpe:2.3:a:lunary:lunary:0.1.1:*:*:*:*:*:*:*
lunary   1.4.1    cpe:2.3:a:lunary:lunary:1.4.1:*:*:*:*:*:*:*
lunary   1.2.26   cpe:2.3:a:lunary:lunary:1.2.26:*:*:*:*:*:*:*
lunary   1.4.14   cpe:2.3:a:lunary:lunary:1.4.14:*:*:*:*:*:*:*
lunary   1.2.14   cpe:2.3:a:lunary:lunary:1.2.14:*:*:*:*:*:*:*
lunary   1.2.6    cpe:2.3:a:lunary:lunary:1.2.6:*:*:*:*:*:*:*
lunary   0.1.2    cpe:2.3:a:lunary:lunary:0.1.2:*:*:*:*:*:*:*
lunary   1.2.18   cpe:2.3:a:lunary:lunary:1.2.18:*:*:*:*:*:*:*
lunary   1.2.21   cpe:2.3:a:lunary:lunary:1.2.21:*:*:*:*:*:*:*
lunary   0.3.0    cpe:2.3:a:lunary:lunary:0.3.0:*:*:*:*:*:*:*
lunary   1.4.3    cpe:2.3:a:lunary:lunary:1.4.3:-:*:*:*:*:*:*
lunary   1.4.7    cpe:2.3:a:lunary:lunary:1.4.7:*:*:*:*:*:*:*
lunary   1.3.1    cpe:2.3:a:lunary:lunary:1.3.1:*:*:*:*:*:*:*
lunary   1.4.2    cpe:2.3:a:lunary:lunary:1.4.2:*:*:*:*:*:*:*
lunary   1.2.31   cpe:2.3:a:lunary:lunary:1.2.31:*:*:*:*:*:*:*
lunary   1.3.5    cpe:2.3:a:lunary:lunary:1.3.5:*:*:*:*:*:*:*
lunary   1.4.9    cpe:2.3:a:lunary:lunary:1.4.9:*:*:*:*:*:*:*
lunary   1.2.33   cpe:2.3:a:lunary:lunary:1.2.33:*:*:*:*:*:*:*
lunary   1.2.4    cpe:2.3:a:lunary:lunary:1.2.4:*:*:*:*:*:*:*
lunary   1.2.24   cpe:2.3:a:lunary:lunary:1.2.24:*:*:*:*:*:*:*
lunary   1.2.8    cpe:2.3:a:lunary:lunary:1.2.8:*:*:*:*:*:*:*
lunary   1.4.17   cpe:2.3:a:lunary:lunary:1.4.17:*:*:*:*:*:*:*
lunary   1.2.12   cpe:2.3:a:lunary:lunary:1.2.12:*:*:*:*:*:*:*
lunary   1.4.11   cpe:2.3:a:lunary:lunary:1.4.11:*:*:*:*:*:*:*
lunary   1.3.9    cpe:2.3:a:lunary:lunary:1.3.9:*:*:*:*:*:*:*
lunary   1.2.16   cpe:2.3:a:lunary:lunary:1.2.16:*:*:*:*:*:*:*
lunary   1.2.1    cpe:2.3:a:lunary:lunary:1.2.1:*:*:*:*:*:*:*
lunary   1.4.0    cpe:2.3:a:lunary:lunary:1.4.0:*:*:*:*:*:*:*
lunary   1.3.0    cpe:2.3:a:lunary:lunary:1.3.0:*:*:*:*:*:*:*
lunary   1.2.3    cpe:2.3:a:lunary:lunary:1.2.3:*:*:*:*:*:*:*
lunary   1.4.16   cpe:2.3:a:lunary:lunary:1.4.16:*:*:*:*:*:*:*
lunary   1.4.6    cpe:2.3:a:lunary:lunary:1.4.6:*:*:*:*:*:*:*
lunary   1.4.21   cpe:2.3:a:lunary:lunary:1.4.21:*:*:*:*:*:*:*
lunary   1.3.11   cpe:2.3:a:lunary:lunary:1.3.11:*:*:*:*:*:*:*
lunary   1.2.32   cpe:2.3:a:lunary:lunary:1.2.32:*:*:*:*:*:*:*
lunary   1.2.25   cpe:2.3:a:lunary:lunary:1.2.25:*:*:*:*:*:*:*
lunary   1.4.20   cpe:2.3:a:lunary:lunary:1.4.20:*:*:*:*:*:*:*

This vulnerability affects 84 software configuration(s). Ensure you patch all affected systems.

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-41

Improper Resolution of Path Equivalence

Description
The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
Typical Severity: Medium
Abstraction Level: Base

Key Information

Published Date
March 20, 2025