Skip to main content

Superagi CVE-2023-48055

HIGH
Use of Hard-coded Credentials (CWE-798)
2023-11-16 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 16, 2023 - 18:15 nvd
HIGH 7.5

DescriptionNVD

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications.

AnalysisAI

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. Affected products include: Superagi.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2024-9415 HIGH POC
8.8 Mar 20

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. Ra

CVE-2024-12048 HIGH POC
8.8 Mar 20

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. Rated hi

CVE-2024-10267 HIGH POC
7.5 Mar 20

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. Rated high severity

CVE-2024-9447 MEDIUM POC
6.5 Mar 20

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. Rated medium severi

CVE-2024-9418 MEDIUM POC
6.5 Mar 20

In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in

CVE-2026-6582 MEDIUM POC
5.5 Apr 19

Remote unauthenticated access to vector database configurations in TransformerOptimus SuperAGI ≤0.0.14 allows attackers

CVE-2026-6615 MEDIUM POC
5.5 Apr 20

Path traversal in TransformerOptimus SuperAGI versions up to 0.0.14 allows remote unauthenticated attackers to read, wri

CVE-2026-6612 LOW POC
2.1 Apr 20

TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to bypass authorization controls

CVE-2026-6616 LOW POC
2.1 Apr 20

Server-side request forgery (SSRF) in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attac

CVE-2026-6614 LOW POC
2.1 Apr 20

Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to access

CVE-2026-6613 LOW POC
2.1 Apr 20

Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated attackers to manipulate th

CVE-2026-6585 LOW POC
2.1 Apr 19

Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated users to modify arbitrary

Share

CVE-2023-48055 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy