CVE-2024-10267

Exploit

EPSS 0.11%
Veröffentlicht 20.03.2025 10:09:43
Zuletzt bearbeitet 18.07.2025 19:57:36
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Superagi ≫ Superagi Version0.0.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.291

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-10267

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10267

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10267

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10267