Home > Vulnerability Database > CVE-2024-10274

Mend.io Vulnerability Database

CVE-2024-10274

Good to know:

Date: March 20, 2025

An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized users to access sensitive information about all team members in the current organization. This vulnerability can lead to the disclosure of sensitive information such as names, roles, or emails to users without sufficient privileges, resulting in privacy violations and potential reconnaissance for targeted attacks.

Severity Score

6.5

Related Resources (4)

Url: https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10274

Url: https://huntr.com/bounties/506459c1-da60-45c5-a10d-8bd540a4b4c1

Url: https://www.mend.io/vulnerability-database/CVE-2024-10274

Severity Score

6.5

Weakness Type (CWE)

Improper Authorization

CWE-285

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version https://github.com/lunary-ai/lunary.git - v1.5.7

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10274

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?