In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/{id} returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9418.json",
"cna_assigner": "@huntr_ai",
"cwe_ids": [
"CWE-256"
]
}