Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-9447

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.

Published

2025-03-20T10:15:49.200

Last Modified

2025-07-29T19:04:30.093

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1230

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	superagi	superagi	0.0.14	Yes

References

https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd Exploit, Third Party Advisory ([email protected])