CVE-2024-10267

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-10267

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10267.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10267

Published

2025-03-20T10:15:15.607Z

Modified

2026-04-10T05:08:04.653789Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality.

References

https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e

Affected packages

Git / github.com/transformeroptimus/superagi

Affected ranges

Type

GIT

Repo

https://github.com/transformeroptimus/superagi

Events

Introduced

Last affected

7411a016d458619e26fed43718421f9fac9d10e0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.0.14"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.10

v0.0.11

v0.0.12

v0.0.13

v0.0.14

v0.0.2

v0.0.3

v0.0.4

v0.0.6

v0.0.7

v0.0.8

v0.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10267.json"