| Title | SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) |
|---|
| Description | # Technical Details
A Authorization Bypass exists in the `get_config_by_organisation_id` method in `superagi/controllers/config.py` of SuperAGI.
The application fails to verify if the requesting authenticated user belongs to the specified organization, allowing an Insecure Direct Object Reference (IDOR).
# Vulnerable Code
File: superagi/controllers/config.py
Method: get_config_by_organisation_id
Why: The endpoint uses `Depends(check_auth)` which only validates the validity of the JWT token, but it does NOT verify if the user belongs to the requested `organisation_id` passed in the URL. As a result, the application retrieves and decrypts stored API keys (such as OpenAI keys) of any organization and returns them to the attacker.
# Reproduction
1. Authenticate with an attacker account and obtain a valid JWT.
2. Read a victim organization's configs (for example, org_id=3) by sending the following request:
curl -s -H "Authorization: Bearer $JWT" "http://localhost:3000/api/configs/get/organisation/3"
# Impact
- API Key Theft: Attacker steals decrypted LLM API keys (OpenAI, Palm, etc.) belonging to other organizations.
- Financial Abuse: Stolen API keys can be used for unauthorized LLM API calls billed to the victim.
- Configuration Tampering: The companion setup endpoint follows the same pattern, allowing attackers to write configs to any organization.
|
|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/678c631238f1767802bda057ea083936 |
|---|
| User | Eric-z (UID 95890) |
|---|
| Submission | 03/27/2026 12:47 (25 days ago) |
|---|
| Moderation | 04/19/2026 07:40 (23 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 300344 [transformeroptimus superagi exposure of sensitive information through metadata] |
|---|
| Points | 0 |
|---|