CVE-2024-9447

Name of the Vulnerable Software and Affected Versions transformeroptimus/superagi (affected versions not specified)

Description An information disclosure issue exists due to the lack of verification of a user's organization in the /get/organisation/ endpoint, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.

Recommendations As a temporary workaround, consider restricting access to the /get/organisation/ endpoint until a patch is available. Avoid using the /get/organisation/ endpoint with authenticated users who do not need access to organization configuration details. At the moment, there is no information about a newer version that contains a fix for this vulnerability.