An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NSuperagi
APPSuperagi0.0.14
Powiązane podatności
In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. Af...
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14...
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version ...
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attack...
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability...