CVE-2024-9095 Overview
CVE-2024-9095 is a critical Broken Access Control vulnerability in lunary-ai/lunary version v1.4.28. The /bigquery API route lacks proper access control mechanisms, allowing any authenticated user to create a Datastream to Google BigQuery and export the entire database. This vulnerability exposes sensitive data including password hashes and secret API keys, potentially leading to complete system compromise.
Critical Impact
Any logged-in user can exfiltrate the entire database containing sensitive credentials, API keys, and user data through the unprotected BigQuery export functionality.
Affected Products
- Lunary v1.4.28
- lunary-ai/lunary (NPM package)
- Self-hosted Lunary deployments with DATA_WAREHOUSE_EXPORTS_ALLOWED enabled
Discovery Timeline
- 2025-03-20 - CVE-2024-9095 published to NVD
- 2025-10-15 - Last updated in NVD database
Technical Details for CVE-2024-9095
Vulnerability Analysis
This vulnerability represents a classic Broken Access Control (CWE-862) weakness where the application fails to perform adequate authorization checks on a sensitive endpoint. The /bigquery API route in Lunary is protected only by a configuration flag (config.DATA_WAREHOUSE_EXPORTS_ALLOWED) that determines whether the feature is enabled globally. However, the route does not implement any role-based access control or verify whether the authenticated user has appropriate privileges to perform database exports.
The vulnerability allows any user who has basic authentication to the Lunary platform—regardless of their role or permission level—to initiate a complete database export to an external Google BigQuery instance. This design flaw means that a low-privileged user, or even an attacker who has compromised any valid user account, can extract the entire database contents.
Root Cause
The root cause of this vulnerability is the absence of access control middleware on the /bigquery API endpoint. While the developers implemented a configuration check to enable or disable the BigQuery export feature globally, they failed to add authorization logic that verifies whether the requesting user has administrative privileges or specific export permissions. The endpoint assumes that any authenticated user should have access to database export functionality, which violates the principle of least privilege.
Attack Vector
An attacker can exploit this vulnerability through the following attack chain:
Obtain Valid Credentials: The attacker first needs to authenticate to the Lunary platform. This could be achieved through credential theft, social engineering, or by having legitimate low-privileged access.
Craft Export Request: Once authenticated, the attacker sends a request to the /bigquery API endpoint with their Google BigQuery credentials and destination configuration.
Data Exfiltration: The application processes the request without verifying the user's authorization level, creating a Datastream that exports the entire database—including sensitive tables containing password hashes, API keys, and other confidential information—to the attacker-controlled BigQuery instance.
Credential Compromise: With access to password hashes and API keys, the attacker can perform offline cracking attempts, gain access to integrated services, and potentially escalate their access across the organization's infrastructure.
The vulnerability is exploitable remotely over the network and requires no user interaction beyond the initial authentication, making it highly accessible to attackers with even minimal access to the system.
Detection Methods for CVE-2024-9095
Indicators of Compromise
- Unexpected API calls to the /bigquery endpoint from non-administrative user accounts
- Datastream connections established to unfamiliar Google BigQuery projects or datasets
- Database export activities occurring outside normal business hours or administrative maintenance windows
- Multiple BigQuery export requests from the same user account in a short time period
Detection Strategies
- Implement API endpoint monitoring to log and alert on all requests to the /bigquery route, including the requesting user's identity and role
- Deploy anomaly detection for data export activities, flagging any export requests from users who do not typically perform administrative functions
- Monitor network traffic for connections to Google BigQuery services, correlating with user activity logs
- Set up SIEM rules to detect privilege escalation patterns where low-privileged users access sensitive administrative endpoints
Monitoring Recommendations
- Enable comprehensive audit logging for all data export and warehouse integration endpoints
- Configure real-time alerting for any BigQuery Datastream creation events
- Monitor for bulk data transfer patterns that may indicate unauthorized database exfiltration
- Review access logs periodically to identify unauthorized access attempts to administrative API routes
How to Mitigate CVE-2024-9095
Immediate Actions Required
- Upgrade lunary-ai/lunary to a patched version that includes the security fix from commit a8d7b2959e87c30fbafdb12af7ffa093385dcc60
- Temporarily disable the DATA_WAREHOUSE_EXPORTS_ALLOWED configuration option until the patch is applied
- Review audit logs for any unauthorized access to the /bigquery endpoint and investigate suspicious activity
- Rotate all API keys and credentials that may have been exposed through potential exploitation
Patch Information
The vulnerability has been addressed in a security patch committed to the Lunary GitHub repository. The fix implements proper access control checks on the /bigquery API route to ensure only authorized users with appropriate administrative privileges can initiate database exports.
Organizations should update to a version containing this commit or apply the patch manually to their self-hosted deployments. Additional details about the vulnerability and the fix can be found in the Huntr security bounty report.
Workarounds
- Disable the BigQuery export functionality by setting DATA_WAREHOUSE_EXPORTS_ALLOWED to false in your configuration until the patch can be applied
- Implement network-level access controls to restrict access to the /bigquery endpoint to trusted administrative IP addresses only
- Deploy a reverse proxy or web application firewall (WAF) rule to block requests to the /bigquery route from non-administrative users
- Audit and minimize the number of user accounts with access to the Lunary platform to reduce the attack surface
# Configuration example - Disable BigQuery exports until patched
# In your Lunary environment configuration:
export DATA_WAREHOUSE_EXPORTS_ALLOWED=false
# Alternatively, if using a .env file:
# DATA_WAREHOUSE_EXPORTS_ALLOWED=false
# Restart the Lunary service after applying the configuration change
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
