CVE-2024-8999
Published: 20 March 2025
Summary
CVE-2024-8999 is a high-severity Missing Authorization (CWE-862) vulnerability in Lunary Lunary. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 39.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces approved authorizations for access to system resources, addressing the improper access control that allowed unauthenticated export of the entire database via the vulnerable endpoint.
Limits and explicitly authorizes actions performable without identification or authentication, preventing unauthorized database export operations like the BigQuery stream.
Applies least privilege to restrict even authenticated users from performing high-impact actions such as full database exfiltration.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The improper access control vulnerability in the API endpoint enables exploitation of a public-facing application (T1190), facilitates unauthorized collection of data from the database (T1213.006), and allows exfiltration of the entire database to Google BigQuery cloud storage (T1567.002).
NVD Description
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is…
more
fixed in version 1.4.26.
Deeper analysisAI
CVE-2024-8999 is an improper access control vulnerability (CWE-862) in lunary-ai/lunary version 1.4.25. The flaw affects the POST /api/v1/data-warehouse/bigquery endpoint, which permits any user to export the entire database by creating a stream to Google BigQuery without requiring proper authentication or authorization. Published on 2025-03-20, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no requirements for privileges or user interaction.
Any network-accessible attacker can exploit this vulnerability without authentication. By sending a crafted POST request to the endpoint, they can establish a data stream that exfiltrates the full database contents to a Google BigQuery instance they control, potentially compromising sensitive information stored in Lunary deployments.
The vulnerability is addressed in lunary-ai/lunary version 1.4.26. Security practitioners should upgrade to this version immediately. Additional details are available in the fixing GitHub commit at https://github.com/lunary-ai/lunary/commit/aa0fd22952d1d84a717ae563eb1ab564d94a9e2b and the Huntr bounty report at https://huntr.com/bounties/d42b7a44-0dcb-4ef0-b15c-d0e558da65c6.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Lunary (lunary-ai) is an open-source LLM observability and analytics platform used for monitoring and managing LLM applications in enterprise settings, fitting the Enterprise AI Assistants category.