transformeroptimus Superagi Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing information disclosure exists in the latest version of transformeroptimus/superagi. The issue arises because the '/get/organisation/' endpoint fails to verify the user's organization. This flaw enables any authenticated user to access sensitive configuration details, such as API keys, from any organization. The potential consequences include unauthorized access to services and significant data breaches or financial losses.
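The missing check described above, shown as an added example that is not SuperAGI's own code: a self-contained model of an organisation-config lookup with the flawed handler beside a hardened one. All names (User, CONFIGS, get_config_unchecked, get_config_checked, redact) and the sample data are hypothetical and constructed for illustration; the redaction step is an extra hardening assumption, not something the advisory prescribes.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not read the requested organisation."""


@dataclass(frozen=True)
class User:
    id: int
    organisation_id: int  # organisation the authenticated user belongs to


# Constructed sample data standing in for per-organisation config rows.
CONFIGS = {
    1: {"model_api_key": "sk-constructed-org1"},
    2: {"model_api_key": "sk-constructed-org2"},
}


def get_config_unchecked(current_user: User, organisation_id: int) -> dict:
    # Flawed pattern: the caller is authenticated, but the organisation id
    # taken from the request path is trusted without comparing it to the
    # caller's own organisation.
    return CONFIGS[organisation_id]


def redact(value: str) -> str:
    # Return only the last four characters so the UI can identify a key
    # without the API ever echoing the full secret.
    return "****" + value[-4:]


def get_config_checked(current_user: User, organisation_id: int) -> dict:
    # Object-level authorisation: the requested organisation must be the
    # caller's own. Checked before any data access.
    if current_user.organisation_id != organisation_id:
        raise Forbidden("organisation not accessible")
    config = CONFIGS.get(organisation_id)
    if config is None:
        # Same error as above, so responses do not reveal which ids exist.
        raise Forbidden("organisation not accessible")
    return {key: redact(value) for key, value in config.items()}
```

A regression test for the fix should request another organisation's id with a valid session and expect the same rejection as for a non-existent id.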

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive organizational data, including API keys, leading to data breaches or financial losses.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.