Executive Summary

This vulnerability exists in TransformerOptimus SuperAGI versions up to 0.0.14, specifically in the Agent Execution Endpoint component. It affects the functions get_agent_execution and update_agent_execution within the file superagi/controllers/agent_execution.py. The issue arises from the manipulation of the argument agent_execution_id, which can lead to an authorization bypass. This means an attacker can remotely exploit this flaw to gain unauthorized access or perform actions they should not be allowed to.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability allows an attacker to bypass authorization controls remotely by manipulating the agent_execution_id argument. This can lead to unauthorized access to agent execution functions, potentially allowing the attacker to view, modify, or control agent executions without proper permissions. Such unauthorized actions could compromise the integrity and confidentiality of the system's operations.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthorized access to agent execution details belonging to other organizations, leading to information disclosure of potentially sensitive data.

Such unauthorized access and manipulation of data can result in violations of data protection regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive information.

Additionally, the ability to disrupt or manipulate agent executions may impact data integrity and availability, further affecting compliance with standards that mandate data security and operational reliability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing the authorization checks on the SuperAGI agent execution endpoints, specifically the GET and PUT API routes for agent executions.

An attacker with a valid JWT token can exploit the lack of organization ownership verification by sending requests to these endpoints with different agent_execution_id values.

Suggested commands to detect the vulnerability include:

• Using a GET request to read another organization's agent execution details: curl -H "Authorization: Bearer <valid_jwt_token>" https://<target>/agentexecutions/get/<agent_execution_id>
• Using a PUT request to modify the status of an agent execution (e.g., to TERMINATED): curl -X PUT -H "Authorization: Bearer <valid_jwt_token>" -H "Content-Type: application/json" -d '{"status": "TERMINATED"}' https://<target>/agentexecutions/update/<agent_execution_id>
• Using a PUT request to restart an agent execution by setting status to RUNNING: curl -X PUT -H "Authorization: Bearer <valid_jwt_token>" -H "Content-Type: application/json" -d '{"status": "RUNNING"}' https://<target>/agentexecutions/update/<agent_execution_id>

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected API endpoints to trusted users only and monitoring for suspicious activity involving agent execution IDs.

Since the vulnerability arises from missing authorization checks verifying organization ownership, applying additional access control measures or implementing custom authorization logic to verify ownership before allowing access or modification is critical.

If possible, temporarily disable or restrict the use of the GET and PUT agent execution endpoints until a proper patch or update is available.

Monitor logs for unusual PUT requests changing agent execution statuses, which could indicate exploitation attempts.

Useful 0 Not Useful 0