CVE-2024-9447

NONE EPSS 42.8%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.

Threat Intelligence

EPSS Exploit Probability
42.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-1230

Affected Products 1

VendorProductVersionRange
superagisuperagi0.0.14any

References 1

  • huntr.com https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.