CVE-2024-9447

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-9447

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9447.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-9447

Published

2025-03-20T10:15:49.200Z

Modified

2026-04-10T05:19:55.696895Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.

References

https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd

Affected packages

Git / github.com/transformeroptimus/superagi

Affected ranges

Type

GIT

Repo

https://github.com/transformeroptimus/superagi

Events

Introduced

Last affected

7411a016d458619e26fed43718421f9fac9d10e0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.0.14"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.10

v0.0.11

v0.0.12

v0.0.13

v0.0.14

v0.0.2

v0.0.3

v0.0.4

v0.0.6

v0.0.7

v0.0.8

v0.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9447.json"