An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HSuperagi
APPSuperagi0.0.14
Related vulnerabilities
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability...
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version ...
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attack...
In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. Af...
SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows ...