Information Disclosure Vulnerability in TransformerOptimus SuperAGI
CVE-2024-10267

7.5HIGH

Key Information:

Vendor: Transformeroptimus
Status: Transformeroptimus/superagi
Vendor: CVE Published:; 20 March 2025

🔔 Create Transformeroptimus Vulnerability Alert

What is CVE-2024-10267?

An information disclosure vulnerability has been identified in TransformerOptimus' SuperAGI. This issue allows attackers to leak sensitive user information such as names, email addresses, and passwords when they attempt to register for a new account with an email that is already associated with an existing account. The system inadvertently exposes data linked to the existing account due to flaws in the user registration process, posing a significant security risk to user privacy.

Affected Version(s)

transformeroptimus/superagi <= unspecified

References

https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f64...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Oct 22, 2024

CVE-2024-10267 Data

JSON