| 제목 | SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) |
|---|
| 설명 | # Technical Details
An Insecure Direct Object Reference (IDOR) exists in the `delete_agent`, `stop_schedule`, and `get_schedule_data` methods in `superagi/controllers/agent.py` of SuperAGI.
The application fails to verify that the target agent belongs to the requesting user's organization. All three endpoints only validate the JWT token via `Depends(check_auth)` but perform no ownership check on the `agent_id` parameter.
# Vulnerable Code
File: superagi/controllers/agent.py
Method: delete_agent (lines 383-420), stop_schedule (lines 238-256), get_schedule_data (lines 289-329)
Why: The `delete_agent` endpoint queries `Agent.id == agent_id` without any org check, then marks the agent as deleted, terminates all its running executions, and stops any scheduled runs — affecting the victim's resources entirely.
# Reproduction
1. Authenticate with an attacker account and obtain a valid JWT.
2. Delete victim's agent (soft delete + terminates all executions):
curl -s -X PUT -H "Authorization: Bearer $JWT" "http://localhost:3000/api/agents/delete/1"
3. Stop victim's scheduled agent:
curl -s -X POST -H "Authorization: Bearer $JWT" -H "Content-Type: application/json" "http://localhost:3000/api/agents/stop/schedule" -d '{"agent_id": 1}'
4. Read victim's agent schedule data:
curl -s -H "Authorization: Bearer $JWT" "http://localhost:3000/api/agents/get/schedule_data/1"
# Impact
- Data Destruction: Deleting agents terminates all their executions and stops all schedules.
- Service Disruption: Victim's automated agent pipelines are immediately stopped.
- Information Disclosure: Agent schedule configurations (cron expressions, start times) are exposed.
|
|---|
| 원천 | ⚠️ https://gist.github.com/YLChen-007/1d87985b274ce22c4294726d7758df8e |
|---|
| 사용자 | Eric-z (UID 95890) |
|---|
| 제출 | 2026. 03. 27. PM 01:00 (24 날 ago) |
|---|
| 모더레이션 | 2026. 04. 19. PM 06:13 (23 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358248 [TransformerOptimus SuperAGI 까지 0.0.14 agent.py delete_agent/stop_schedule/get_schedule_data agent_id 권한 상승] |
|---|
| 포인트들 | 20 |
|---|