TransformerOptimus SuperAGI Authorization Bypass Vulnerability in Agent Execution Endpoint

An authorization bypass vulnerability has been identified in TransformerOptimus SuperAGI versions through 0.0.14. The issue resides in the Agent Execution Endpoint, specifically within the 'get_agent_execution' and 'update_agent_execution' functions of 'superagi/controllers/agent_execution.py'. The vulnerability allows authenticated users to access and manipulate agent execution data belonging to other organizations by exploiting Insecure Direct Object Reference (IDOR). This is achieved by modifying the 'agent_execution_id' parameter without proper authorization checks, leading to unauthorized access and control over agent executions.

Impact

Exploitation of this vulnerability disrupts services by allowing attackers to terminate running agent executions, causing potential resource abuse by consuming LLM API credits. Additionally, it enables unauthorized access to sensitive agent execution details, including configurations and run histories.

Reproduction

To reproduce this vulnerability, authenticate as a user and obtain a valid JWT token. Then, use the 'GET /agentexecutions/get/{id}' endpoint to read agent execution details from another organization by replacing '{id}' with the target execution ID. After that, the 'PUT /agentexecutions/update/{id}' endpoint can be used to modify the execution status of the same agent, either terminating it or re-triggering its execution.