Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks
Vulnerability Description
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using logger.info() statements. This occurs in three separate block implementations (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) where the code explicitly calls api_key.get_secret_value() and logs the result. This issue has been patched in autogpt-platform-beta-v0.6.46.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
AutoGPT 日志信息泄露漏洞
Vulnerability Description
AutoGPT是AutoGPT开源的一个工具。用于让每个人都能使用和构建可访问的AI。 AutoGPT autogpt-platform-beta-v0.6.46之前版本存在日志信息泄露漏洞,该漏洞源于Stagehand集成块以明文记录API密钥和身份验证密钥,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A