Vulnerability Details CVE-2024-12048
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.3%
CVSS Severity
CVSS v3 Score 8.8
References