CVE-2024-9431

{"id": "CVE-2024-9431", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:48.827", "references": [{"url": "https://huntr.com/bounties/9b33d7c1-ed0a-4f5b-a378-694570fd990b", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover."}, {"lang": "es", "value": "En la versi\u00f3n v0.0.14 de transformeroptimus/superagi, existe una vulnerabilidad de gesti\u00f3n de privilegios incorrecta. Tras iniciar sesi\u00f3n en el sistema, los usuarios pueden cambiar las contrase\u00f1as de otros usuarios, lo que podr\u00eda provocar el robo de cuentas."}], "lastModified": "2025-07-29T19:18:38.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C63CFCE-4FB2-47EC-A731-8C17458675D3"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}