Name of the Vulnerable Software and Affected Versions:
AutoGPT versions prior to 0.6.16
Description:
AutoGPT is a platform for creating, deploying, and managing continuous AI agents. The external API's endpoint for retrieving graph execution results (`get_graph_execution_results`) contains an authorization bypass (an insecure direct object reference). The endpoint correctly checks that the caller owns the graph identified by the `graph_id` parameter, but it does not verify that the execution identified by the `graph_exec_id` parameter belongs to that user. An authenticated user can therefore read the results of any execution, including those of other users' graphs, by supplying a graph they own together with an arbitrary execution ID. The internal API validates both parameters correctly.
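The following is an added illustration of the pattern described above, not AutoGPT's own code. It models the two lookups with an in-memory store and hypothetical names (`Store`, `get_graph_execution_results_vulnerable`, `get_graph_execution_results_fixed`); the sample graphs and executions are constructed for the example. The vulnerable handler checks graph ownership and then fetches the execution by ID alone; the fixed handler scopes the execution lookup to the caller's user and graph and returns the same "not found" error whether the execution is missing or merely not theirs, so the response does not leak whether a guessed ID exists.

```python
from dataclasses import dataclass, field


class NotFound(Exception):
    """Raised when an object does not exist or the caller is not allowed to see it."""


@dataclass(frozen=True)
class Graph:
    graph_id: str
    user_id: str  # owner of the graph


@dataclass(frozen=True)
class GraphExecution:
    graph_exec_id: str
    graph_id: str
    user_id: str  # owner of the execution
    results: dict


@dataclass
class Store:
    """Hypothetical stand-in for the database layer (not AutoGPT's)."""
    graphs: dict = field(default_factory=dict)
    executions: dict = field(default_factory=dict)

    def get_graph(self, graph_id: str, user_id: str) -> Graph:
        # Graph lookup is scoped to the caller: this check exists in both variants.
        g = self.graphs.get(graph_id)
        if g is None or g.user_id != user_id:
            raise NotFound(f"graph {graph_id} not found")
        return g

    def get_execution_unscoped(self, graph_exec_id: str) -> GraphExecution:
        # Looks up by execution ID only; whoever calls this sees any execution.
        ex = self.executions.get(graph_exec_id)
        if ex is None:
            raise NotFound(f"execution {graph_exec_id} not found")
        return ex

    def get_execution_scoped(self, graph_exec_id: str, graph_id: str,
                             user_id: str) -> GraphExecution:
        # Missing, wrong graph and wrong owner all yield the same error,
        # so the caller cannot use the endpoint as an existence oracle.
        ex = self.executions.get(graph_exec_id)
        if ex is None or ex.graph_id != graph_id or ex.user_id != user_id:
            raise NotFound(f"execution {graph_exec_id} not found")
        return ex


def get_graph_execution_results_vulnerable(store: Store, user_id: str,
                                           graph_id: str, graph_exec_id: str) -> dict:
    store.get_graph(graph_id, user_id)                 # graph ownership IS verified
    ex = store.get_execution_unscoped(graph_exec_id)   # execution ownership is NOT
    return ex.results


def get_graph_execution_results_fixed(store: Store, user_id: str,
                                      graph_id: str, graph_exec_id: str) -> dict:
    store.get_graph(graph_id, user_id)
    ex = store.get_execution_scoped(graph_exec_id, graph_id, user_id)
    return ex.results


def build_sample_store() -> Store:
    """Constructed sample data: two users, each with one graph and one execution."""
    store = Store()
    store.graphs["g-alice"] = Graph("g-alice", "alice")
    store.graphs["g-mallory"] = Graph("g-mallory", "mallory")
    store.executions["exec-alice-1"] = GraphExecution(
        "exec-alice-1", "g-alice", "alice", {"output": "alice's private result"})
    store.executions["exec-mallory-1"] = GraphExecution(
        "exec-mallory-1", "g-mallory", "mallory", {"output": "mallory's own result"})
    return store


def demo():
    """mallory passes a graph she owns (so the graph check passes) plus alice's execution ID."""
    store = build_sample_store()
    leaked = get_graph_execution_results_vulnerable(
        store, "mallory", "g-mallory", "exec-alice-1")
    try:
        get_graph_execution_results_fixed(store, "mallory", "g-mallory", "exec-alice-1")
        blocked = False
    except NotFound:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable handler returned:", leaked)
    print("fixed handler denied access:", blocked)
```

The essential change is that the execution query carries the caller's identity and the graph it was requested under, rather than trusting the ID by itself; if the real data layer is a database, the equivalent is adding the owner and graph columns to the WHERE clause of the execution query rather than filtering after the fact.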
Recommendations:
Update AutoGPT to version 0.6.16 or later.