← back
CVE-2024-12048

IDOR Vulnerability in transformeroptimus/superagi

CVSS 8.8 HIGHEPSS 0.7%CWE-304
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
transformeroptimus · transformeroptimus/superagi

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc