HIGH🇵🇱 Wersja polska

CVE-2024-9431

CVSS 8.8v3.1pub. 2025-03-20upd. 2025-10-15

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Superagi

    APP
    Superagi
    0.0.14
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9437HIGH7.5ten sam produkt

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability...

CVE-2024-12048HIGH8.8ten sam produkt

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14...

CVE-2024-9415HIGH8.8ten sam produkt

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version ...

CVE-2024-10267HIGH7.5ten sam produkt

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attack...

CVE-2024-9439HIGH8.8ten sam produkt

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows ...