| Title | SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) |
|---|
| Description | # Technical Details
An Insecure Direct Object Reference (IDOR) exists in the `get_project`, `update_project`, and `get_projects_organisation` methods in `superagi/controllers/project.py` of SuperAGI.
The application fails to verify that the target project or organisation belongs to the requesting user. All three endpoints only validate the JWT token via `Depends(check_auth)` and perform no organisation membership check.
# Vulnerable Code
File: superagi/controllers/project.py
Methods: get_project (lines 70-89), update_project (lines 92-124), get_projects_organisation (lines 127-151)
Why: All three endpoints use the attacker-controlled `project_id` or `organisation_id` URL parameter without any ownership check, allowing cross-organisation data access and modification.
# Reproduction
1. Authenticate with an attacker account and obtain a valid JWT.
2. List all projects of the victim's organisation:
`curl -s -H "Authorization: Bearer $JWT" "http://localhost:3000/api/projects/get/organisation/3"`
3. Read a specific victim project:
`curl -s -H "Authorization: Bearer $JWT" "http://localhost:3000/api/projects/get/1"`
4. Modify the victim's project name:
`curl -s -X PUT -H "Authorization: Bearer $JWT" -H "Content-Type: application/json" "http://localhost:3000/api/projects/update/1" -d '{"name":"HACKED Project","description":"compromised"}'`
# Impact
- Information Disclosure: An attacker can enumerate all projects and their configurations across all organisations.
- Data Integrity: Project names and descriptions can be modified, disrupting team workflows.
- Reconnaissance: The project listing reveals organisational structure and agent deployment patterns.
|
|---|
| Source | https://gist.github.com/YLChen-007/ac40da2253c7364d043c0dfe3275190b |
|---|
| User | Eric-z (UID 95890) |
|---|
| Submitted | 2026-03-27 01:01 PM (25 days ago) |
|---|
| Moderation | 2026-04-19 06:13 PM (23 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 358249 [TransformerOptimus SuperAGI up to 0.0.14 project.py privilege escalation] |
|---|
| Points | 20 |
|---|
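As an added illustration, not SuperAGI's code, the following in-memory model shows the three project endpoints with the missing ownership check from the report and a hardened version that binds every lookup to the caller's organisation. `User`, `Project`, `Forbidden` and the sample data are constructed here for the example.

```python
from dataclasses import dataclass

@dataclass
class Project:
    id: int
    organisation_id: int
    name: str
    description: str = ""

@dataclass
class User:            # stands in for the identity established by check_auth
    id: int
    organisation_id: int

# Constructed sample data: two organisations, one project each.
PROJECTS = {
    1: Project(id=1, organisation_id=1, name="Org1 agents"),
    2: Project(id=2, organisation_id=3, name="Org3 agents"),
}

class Forbidden(Exception):
    """Stands in for an HTTP 403 response."""

def get_project_vulnerable(user, project_id):
    # Authentication only (the reported defect): any valid user reads any project.
    return PROJECTS[project_id]

def require_project_owner(user, project_id):
    """Load the project and confirm it belongs to the caller's organisation.
    Missing and foreign projects raise the same error, so the id space cannot
    be enumerated by comparing responses."""
    project = PROJECTS.get(project_id)
    if project is None or project.organisation_id != user.organisation_id:
        raise Forbidden(f"project {project_id} not accessible")
    return project

def get_project(user, project_id):
    return require_project_owner(user, project_id)

def update_project(user, project_id, name=None, description=None):
    project = require_project_owner(user, project_id)   # check before mutating
    if name is not None:
        project.name = name
    if description is not None:
        project.description = description
    return project

def get_projects_organisation(user, organisation_id):
    # The URL parameter is only honoured when it matches the caller's own org.
    if organisation_id != user.organisation_id:
        raise Forbidden("organisation not accessible")
    return [p for p in PROJECTS.values() if p.organisation_id == organisation_id]
```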