CVE-2024-9447

Exploit

EPSS 0.11%
Veröffentlicht 20.03.2025 10:10:10
Zuletzt bearbeitet 29.07.2025 19:04:30
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Superagi ≫ Superagi Version0.0.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.301

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-1230 Exposure of Sensitive Information Through Metadata

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.

https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-9447

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9447

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9447

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-9447