CVE Vulnerabilities

CVE-2024-9418

Insufficiently Protected Credentials

Published: Mar 20, 2025 | Modified: Mar 20, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/{id} returns the users password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Potential Mitigations

References