CVE-2024-9418

Medium CVSS: 6.5

In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

Vendor

Superagi

Product

Superagi

CWE

CWE-256

Yayın Tarihi

2025-03-20 10:15:48

Güncelleme

2025-10-15 13:15:59

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-256 Superagi MEDIUM Superagi 2025

Referanslar

https://huntr.com/bounties/9a8118a2-ea32-41f5-b501-fef4f31d8213

Benzer Kayıtlar

Medium

CVE-2025-51472

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execu…

Medium

CVE-2025-51475

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows rem…

Medium

CVE-2025-6280

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is th…

High

CVE-2024-9439

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers…

Medium

CVE-2024-9447

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisat…

High

CVE-2024-9415

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. Th…