Insufficiently Protected Credentials in transformeroptimus/superagi

In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

N/A

明文存储口令

SuperAGI 安全漏洞

SuperAGI是SuperAGI开源的一个开源基础设施应用程序。用于构建组件、工具、框架和模型以实现开源 AGI。 SuperAGI 0.0.14版本存在安全漏洞，该漏洞源于API端点返回用户密码明文，可能导致账户接管。

N/A

N/A