CVE-2024-9095
Published: 20 March 2025
Summary
CVE-2024-9095 is a critical-severity Missing Authorization (CWE-862) vulnerability in Lunary Lunary. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078); ranked in the top 41.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-3 requires systems to immediately enforce approved authorizations for logical access, directly addressing the missing access control middleware on the /bigquery API route that allows any logged-in user to export sensitive database data.
AC-6 least privilege restricts users to only necessary permissions, preventing non-privileged logged-in users from creating BigQuery datastreams and extracting sensitive data like password hashes and API keys.
AC-2 account management establishes procedures for privilege assignment and review, mitigating overly permissive accounts that enable unauthorized database exports.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The lack of access control on the /bigquery API enables any valid account holder (T1078) to collect sensitive data including credentials from the database (T1213.006) and transfer it to a Google BigQuery instance (T1537).
NVD Description
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. This includes sensitive data such as password hashes and secret API keys.…
more
The route is protected by a config check (`config.DATA_WAREHOUSE_EXPORTS_ALLOWED`), but it does not verify the user's access level or implement any access control middleware. This vulnerability can lead to the extraction of sensitive data, disruption of services, credential compromise, and service integrity breaches.
Deeper analysisAI
CVE-2024-9095 is a critical vulnerability in lunary-ai/lunary version v1.4.28, where the /bigquery API route lacks proper access control. This flaw allows any logged-in user to create a Datastream to Google BigQuery and export the entire database, including sensitive data such as password hashes and secret API keys. The route is only protected by a configuration check (config.DATA_WAREHOUSE_EXPORTS_ALLOWED) without verifying the user's access level or implementing access control middleware. It carries a CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-862.
Any logged-in user can exploit this vulnerability remotely with low complexity and no user interaction. Successful exploitation enables the extraction of the full database via BigQuery, leading to sensitive data exposure, credential compromise, service disruptions, and breaches in service integrity.
A patch is available via GitHub commit a8d7b2959e87c30fbafdb12af7ffa093385dcc60, and additional details are provided in the Huntr bounty report at https://huntr.com/bounties/e242a92e-da41-440d-b718-3de91e4b4eac.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Lunary.ai is an open-source LLM engineering platform for monitoring, managing, and improving LLM applications, which aligns with Enterprise AI Assistants. The vulnerability affects its API for data export in an AI/ML observability context.