CVE-2024-12048

Source
https://cve.org/CVERecord?id=CVE-2024-12048
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12048.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12048
Published
2025-03-20T10:11:27.726Z
Modified
2026-07-08T07:47:10.855606565Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
IDOR Vulnerability in transformeroptimus/superagi
Details

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{projectid}, /get/scheduledata/{agentid}, /delete/{agentid}, /get/organisation/{organisationid}, and /get/user/{userid}.

Database specific
{
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-304"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12048.json"
}
References

Affected packages

Git / github.com/transformeroptimus/superagi

Affected ranges

Type
GIT
Repo
https://github.com/transformeroptimus/superagi
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.0.14"
        },
        {
            "last_affected": "0.0.14"
        }
    ],
    "cpe": "cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*",
    "source": "CPE_STRING"
}

Affected versions

0.*
0.0.14
v0.*
v0.0.14

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12048.json"