
CVE-2024-9418
Date: March 20, 2025
In version 0.0.14 of transformeroptimus/superagi, the API endpoint "/api/users/get/{id}" returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.
Severity Score
Weakness Type (CWE)
Insufficiently Protected Credentials
CWE-522
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |