CVE-2024-10272

Summary

CVE-2024-10272 is a newly identified vulnerability affecting the lunary-ai/lunary package. This issue stems from broken access control in the latest version of the software. Malicious actors can exploit this flaw to gain unauthorized access to any dataset by sending a GET request to the /v1/datasets endpoint without providing a valid authorization token. This vulnerability poses a significant risk, as it enables unauthorized users to view sensitive data, potentially leading to data breaches or other malicious activities. Organizations using this software are urged to update to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.