CVE-2024-12048
20.03.2025, 10:15
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization on multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include, but are not limited to, /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.
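The pattern behind this advisory, shown as an added illustration rather than SuperAGI's own code: a handler that is reachable only by an authenticated user but looks objects up purely by the client-supplied integer id, beside the hardened form that scopes every lookup to the caller's organisation. The dataclasses, the in-memory stores, the route-like function names and the sample tenants below are all hypothetical stand-ins for the project's real ORM models and FastAPI routes.

```python
"""Added illustration of the IDOR pattern in CVE-2024-12048.

Not SuperAGI's code: User/Project/Agent, the dict-backed stores and the
handler names are hypothetical stand-ins for the real models and routes.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


class NotFound(Exception):
    """Maps to an HTTP 404 in a real handler."""


@dataclass(frozen=True)
class User:
    id: int
    organisation_id: int


@dataclass(frozen=True)
class Project:
    id: int
    organisation_id: int
    name: str


@dataclass(frozen=True)
class Agent:
    id: int
    organisation_id: int
    name: str


# Constructed sample data: two tenants, each owning one project and one agent.
PROJECTS: Dict[int, Project] = {
    1: Project(1, organisation_id=10, name="tenant-10 roadmap"),
    2: Project(2, organisation_id=20, name="tenant-20 roadmap"),
}
AGENTS: Dict[int, Agent] = {
    1: Agent(1, organisation_id=10, name="tenant-10 researcher"),
    2: Agent(2, organisation_id=20, name="tenant-20 researcher"),
}
ALICE = User(id=100, organisation_id=10)
MALLORY = User(id=200, organisation_id=20)


def get_project_vulnerable(project_id: int, current_user: User) -> Project:
    """The advisory's failure mode: the caller is authenticated (current_user
    is present) but the lookup is keyed only on the client-chosen id, so any
    logged-in user can read any project by iterating integers (CWE-639)."""
    project = PROJECTS.get(project_id)
    if project is None:
        raise NotFound(project_id)
    return project


def load_owned(store: Dict[int, object], object_id: int, current_user: User):
    """Central tenancy check used by every read and delete route.

    The tenant comes from the authenticated session, never from the request,
    and a foreign object is reported exactly like a missing one so the
    response does not confirm which ids exist."""
    obj = store.get(object_id)
    if obj is None or obj.organisation_id != current_user.organisation_id:
        raise NotFound(object_id)
    return obj


def get_project_fixed(project_id: int, current_user: User) -> Project:
    return load_owned(PROJECTS, project_id, current_user)


def delete_agent_vulnerable(store: Dict[int, Agent], agent_id: int, current_user: User) -> None:
    """Same defect on a mutating route: existence is the only check."""
    if agent_id not in store:
        raise NotFound(agent_id)
    del store[agent_id]


def delete_agent_fixed(store: Dict[int, Agent], agent_id: int, current_user: User) -> None:
    load_owned(store, agent_id, current_user)  # raises NotFound unless owned
    del store[agent_id]


def enumerate_ids(handler: Callable[[int, User], object], current_user: User, max_id: int = 5) -> List[int]:
    """What an attacker's id-walking loop sees through a given read handler."""
    seen = []
    for candidate in range(1, max_id + 1):
        try:
            handler(candidate, current_user)
        except NotFound:
            continue
        seen.append(candidate)
    return seen


def attempt_delete(handler: Callable[[Dict[int, Agent], int, User], None], agent_id: int, current_user: User) -> List[int]:
    """Run a delete handler against a fresh copy of AGENTS; return surviving ids."""
    store = dict(AGENTS)
    try:
        handler(store, agent_id, current_user)
    except NotFound:
        pass
    return sorted(store)


if __name__ == "__main__":
    print("vulnerable read:", enumerate_ids(get_project_vulnerable, MALLORY))
    print("fixed read:     ", enumerate_ids(get_project_fixed, MALLORY))
    print("vulnerable delete of foreign agent 1 leaves:", attempt_delete(delete_agent_vulnerable, 1, MALLORY))
    print("fixed delete of foreign agent 1 leaves:     ", attempt_delete(delete_agent_fixed, 1, MALLORY))
```

The point of `load_owned` is that the ownership comparison lives in one place that every object route must pass through; the advisory lists five endpoints "but not limited to", which is the usual outcome when each handler is expected to remember the check on its own. Collapsing "not yours" and "does not exist" into the same 404 also stops the fixed endpoints from being used as an id oracle.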
Vendor | Product | Version
---|---|---
superagi | superagi | 0.0.14
Common Weakness Enumeration
- CWE-304 - Missing Critical Step in Authentication: The software implements an authentication technique, but it skips a step that weakens the technique.
- CWE-639 - Authorization Bypass Through User-Controlled Key: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.