CVE-2024-12048

Exploit

EPSS 0.12%
Veröffentlicht 20.03.2025 10:11:27
Zuletzt bearbeitet 18.07.2025 19:58:36
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Superagi ≫ Superagi Version0.0.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.308

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-304 Missing Critical Step in Authentication

The product implements an authentication technique, but it skips a step that weakens the technique.

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-12048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12048

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-12048