exploitDog

GHSA-h4x7-365q-3rm3

Опубликовано: 20 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/{id} returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/{id} returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

Ссылки

EPSS

Процентиль: 19%

0.00062

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-256

CWE-522

Связанные уязвимости

CVE-2024-9418

CVSS3: 6.5

nvd

11 месяцев назад

In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

EPSS

Процентиль: 19%

0.00062

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-256

CWE-522