Cyber Posture

CVE-2024-9099

Severity: High · Public PoC

Published: 20 March 2025
Modified: 10 April 2025
KEV Added: not listed
Patch: fix available (see the commit referenced in the analysis below)
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0018 (39.7th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-9099 is a high-severity Exposure of Sensitive Information Through Metadata (CWE-1230) vulnerability in Lunary's Lunary platform. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528). The vulnerability ranks at the 39.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Steal Application Access Token (T1528) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Enforces approved authorizations to prevent low-privilege users like Viewers from accessing sensitive private API keys via the GET /projects endpoint.
prevent: Applies least privilege to ensure minimal permission roles such as Viewer or Prompt Editor cannot retrieve private API keys.
prevent: Filters sensitive information like private API keys from API responses prior to delivery to non-privileged frontend users.

MITRE ATT&CK Enterprise Techniques

T1528 Steal Application Access Token (Credential Access): Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability exposes private API keys via a GET /projects endpoint to low-privilege users (e.g., Viewers), enabling adversaries to steal application access tokens (T1528) and exploit unsecured credentials (T1552) for unauthorized actions.

NVD Description

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to perform actions on behalf of the project, access private data, and delete resources. The private API keys are exposed in the developer tools when the endpoint is called from the frontend.

Deeper analysis

CVE-2024-9099 is a vulnerability in lunary-ai/lunary version v1.4.29, where the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. The private API keys become visible in the developer tools when the endpoint is called from the frontend, enabling unauthorized access to sensitive credentials.

Attackers require only low-privilege access (PR:L), such as a Viewer or Prompt Editor role, to exploit this remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), earning a CVSS v3.1 base score of 8.1 (C:H/I:H/A:N). Successful exploitation allows retrieval of the API keys, which can then be used to perform actions on behalf of the affected project, access private data, and delete resources.

A fix is available via commit 8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc in the lunary-ai/lunary GitHub repository. Further details on the vulnerability and remediation are provided on the Huntr bounty page at https://huntr.com/bounties/ffb84fe8-3e60-4200-ac2d-1fd1e1c93e91.

Details

CWE(s)
CWE-1230 (Exposure of Sensitive Information Through Metadata)

Affected Products
Vendor: lunary
Product: lunary
Version: 1.4.29

AI Security Analysis

AI Category
Enterprise AI Assistants
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Lunary.ai is an LLM observability and management platform (alternative to LangSmith) for AI projects involving prompts and API keys, fitting enterprise tools for AI assistants and LLM apps.

CVEs Like This One

CVE-2025-9803 (same product: Lunary Lunary)
CVE-2025-5352 (same product: Lunary Lunary)
CVE-2024-9095 (same product: Lunary Lunary)
CVE-2024-8999 (same product: Lunary Lunary)
CVE-2024-9096 (same product: Lunary Lunary)
CVE-2024-5386 (same product: Lunary Lunary)
CVE-2024-8998 (same product: Lunary Lunary)
