Home > Vulnerability Database > CVE-2024-11300

Mend.io Vulnerability Database

CVE-2024-11300

Good to know:

Date: March 20, 2025

In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 and the main branch. The vulnerability allows unauthorized users to view sensitive prompt data by accessing specific URLs, leading to potential exposure of critical information.

Severity Score

6.5

Related Resources (4)

Url: https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-11300

Url: https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd

Url: https://www.mend.io/vulnerability-database/CVE-2024-11300

Severity Score

6.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version https://github.com/lunary-ai/lunary.git - v1.6.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-11300

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?