CVE-2024-9095

CriticalPublic PoC

Published: 20 March 2025

Published

20 March 2025

Modified

15 October 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0037 58.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exfiltrate data by transferring the data, including through sharing/syncing and creating backups of cloud environments, to another cloud account they control on the same service.

Security Summary

CVE-2024-9095 is a critical vulnerability in lunary-ai/lunary version v1.4.28, where the /bigquery API route lacks proper access control. This flaw allows any logged-in user to create a Datastream to Google BigQuery and export the entire database, including sensitive data such as password hashes and secret API keys. The route is only protected by a configuration check (config.DATA_WAREHOUSE_EXPORTS_ALLOWED) without verifying the user's access level or implementing access control middleware. It carries a CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-862.

Any logged-in user can exploit this vulnerability remotely with low complexity and no user interaction. Successful exploitation enables the extraction of the full database via BigQuery, leading to sensitive data exposure, credential compromise, service disruptions, and breaches in service integrity.

A patch is available via GitHub commit a8d7b2959e87c30fbafdb12af7ffa093385dcc60, and additional details are provided in the Huntr bounty report at https://huntr.com/bounties/e242a92e-da41-440d-b718-3de91e4b4eac.

Details

CWE(s): CWE-862NVD-CWE-noinfo

Affected Products

lunary

1.4.28

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Lunary.ai is an open-source LLM engineering platform for monitoring, managing, and improving LLM applications, which aligns with Enterprise AI Assistants. The vulnerability affects its API for data export in an AI/ML observability context.

MITRE ATT&CK Enterprise Techniques

T1078 Valid Accounts Stealth

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

T1537 Transfer Data to Cloud Account Exfiltration

Adversaries may exfiltrate data by transferring the data, including through sharing/syncing and creating backups of cloud environments, to another cloud account they control on the same service.

attack.mitre.org →

Why these techniques?

The lack of access control on the /bigquery API enables any valid account holder (T1078) to collect sensitive data including credentials from the database (T1213.006) and transfer it to a Google BigQuery instance (T1537).

References

https://github.com/lunary-ai/lunary/commit/a8d7b2959e87c30fbafdb12af7ffa093385dcc60
Patch · security@huntr.dev
https://huntr.com/bounties/e242a92e-da41-440d-b718-3de91e4b4eac
Exploit, Third Party Advisory · security@huntr.dev