CVE-2024-9447

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-1230
View all →

Vulnerability Description

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.

Related Vulnerabilities

CVE-2025-1921

MEDIUM
CVSS:6.5(Medium)

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security seve...

CWE-12302025

CVE-2024-47517

MEDIUM
CVSS:6.8(Medium)

Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access

CWE-12302024

CVE-2024-53291

HIGH
CVSS:7.5(High)

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne...

CWE-12302024

CVE-2025-0330

HIGH
CVSS:7.5(High)

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive informati...

CWE-12302025

CVE-2023-1974

HIGH
CVSS:7.7(High)

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.

CWE-12302023

CVE-2024-49395

MEDIUM
CVSS:5.3(Medium)

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

CWE-12302024