CVE-2024-9099
CVSS 3.0 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-9099 is a vulnerability affecting the lunary-ai/lunary project in version 1.4.29. This issue exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. Unauthorized users can retrieve these sensitive credentials through the GET /projects API endpoint. The exposure of private API keys poses a significant risk, allowing unauthorized users to perform actions on behalf of the project, access private data, and delete resources. The vulnerability is particularly concerning because the private API keys are exposed in the developer tools when the endpoint is called from the frontend.
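The class of fix this summary points to is shaping the response on the server per role, so credentials never reach a low-privileged client at all. The sketch below is an added example, not code from the lunary-ai/lunary project: the field names, the policy table and every role other than Viewer and Prompt Editor are assumptions, and the sample rows are constructed.

```javascript
// Added example: deny-by-default response shaping for a project listing.
// Field names, the policy table and the owner/admin/developer roles are
// assumptions for illustration, not Lunary's actual schema or role model.
const FIELD_POLICY = {
  id: null, // null = readable by every authenticated role
  name: null,
  publicApiKey: new Set(["owner", "admin", "developer"]),
  privateApiKey: new Set(["owner", "admin"]),
};

// Copy only the fields this role may read. Fields missing from FIELD_POLICY
// are dropped, so a newly added column never reaches the client by accident.
function serializeProject(project, role) {
  const out = {};
  for (const [field, allowed] of Object.entries(FIELD_POLICY)) {
    if (!(field in project)) continue;
    if (allowed === null || allowed.has(role)) out[field] = project[field];
  }
  return out;
}

function serializeProjects(projects, role) {
  return projects.map((p) => serializeProject(p, role));
}

// Regression check for an API test suite: list the restricted fields that
// appear in a response body returned to the given role.
function leakedFields(body, role) {
  const leaks = [];
  body.forEach((project, i) => {
    for (const [field, allowed] of Object.entries(FIELD_POLICY)) {
      if (allowed !== null && !allowed.has(role) && field in project) {
        leaks.push(`${i}.${field}`);
      }
    }
  });
  return leaks;
}

// Constructed sample rows, shaped like an unfiltered database result.
const SAMPLE_ROWS = [
  { id: "p1", name: "demo", publicApiKey: "pub-EXAMPLE-1", privateApiKey: "priv-EXAMPLE-1", internalNote: "x" },
  { id: "p2", name: "test", publicApiKey: "pub-EXAMPLE-2", privateApiKey: "priv-EXAMPLE-2" },
];
```

Running `leakedFields` against the raw rows for a Viewer reports four exposed fields, while the serialized output reports none; the same check can assert on a live GET /projects response in an integration test.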