CVE-2024-10457

Name of the Vulnerable Software and Affected Versions autogpt versions agpt-platform-beta-v0.1.1

Description Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities arise when block inputs are controlled by untrusted sources, leading to potential credential leakage, internal network scanning, and unauthorized access to internal services, APIs, or data stores. The affected blocks include GithubListPullRequestsBlock, GithubReadPullRequestBlock, GithubAssignPRReviewerBlock, GithubListPRReviewersBlock, GithubUnassignPRReviewerBlock, GithubCommentBlock, GithubMakeIssueBlock, GithubReadIssueBlock, GithubListIssuesBlock, GithubAddLabelBlock, GithubRemoveLabelBlock, GithubListBranchesBlock, and ExtractWebsiteContentBlock.

Recommendations For version agpt-platform-beta-v0.1.1, consider disabling the affected blocks, including GithubListPullRequestsBlock, GithubReadPullRequestBlock, GithubAssignPRReviewerBlock, GithubListPRReviewersBlock, GithubUnassignPRReviewerBlock, GithubCommentBlock, GithubMakeIssueBlock, GithubReadIssueBlock, GithubListIssuesBlock, GithubAddLabelBlock, GithubRemoveLabelBlock, GithubListBranchesBlock, and ExtractWebsiteContentBlock, until a patch is available. Restrict access to these blocks to minimize the risk of exploitation. Avoid using untrusted sources to control block inputs.