{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9431", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-10-02T15:05:48.523Z", "datePublished": "2025-03-20T10:09:46.141Z", "dateUpdated": "2025-10-15T12:50:03.221Z"}, "containers": {"cna": {"title": "Improper Privilege Management in transformeroptimus/superagi", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:50:03.221Z"}, "descriptions": [{"lang": "en", "value": "In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover."}], "affected": [{"vendor": "transformeroptimus", "product": "transformeroptimus/superagi", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/9b33d7c1-ed0a-4f5b-a378-694570fd990b"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-620 Unverified Password Change", "cweId": "CWE-620"}]}], "source": {"advisory": "9b33d7c1-ed0a-4f5b-a378-694570fd990b", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:50:02.321690Z", "id": "CVE-2024-9431", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:34:58.795Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9431", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:50:02.321690Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:50:04.462Z"}}], "cna": {"title": "Improper Privilege Management in transformeroptimus/superagi", "source": {"advisory": "9b33d7c1-ed0a-4f5b-a378-694570fd990b", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "transformeroptimus", "product": "transformeroptimus/superagi", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/9b33d7c1-ed0a-4f5b-a378-694570fd990b"}], "descriptions": [{"lang": "en", "value": "In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:46.141Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9431", "state": "PUBLISHED", "dateUpdated": "2025-03-20T18:34:58.795Z", "dateReserved": "2024-10-02T15:05:48.523Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:09:46.141Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "3C63CFCE-4FB2-47EC-A731-8C17458675D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover."}, {"lang": "es", "value": "En la versi\u00f3n v0.0.14 de transformeroptimus/superagi, existe una vulnerabilidad de gesti\u00f3n de privilegios incorrecta. Tras iniciar sesi\u00f3n en el sistema, los usuarios pueden cambiar las contrase\u00f1as de otros usuarios, lo que podr\u00eda provocar el robo de cuentas."}], "id": "CVE-2024-9431", "lastModified": "2025-10-15T13:15:59.380", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-20T10:15:48.827", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/9b33d7c1-ed0a-4f5b-a378-694570fd990b"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-620"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}

{}