⚠️ Check for existing issues before proceeding. ⚠️
Where are you using SuperAGI?
Linux
Which branch of SuperAGI are you using?
Main
Do you use OpenAI GPT-3.5 or GPT-4?
GPT-4
Which area covers your issue best?
Agents
Describe your issue.
SuperAGI's agent controller endpoint /api/agents/get/project/{project_id} allows authenticated users from one organization to retrieve the complete list of agents belonging to a different organization's project. The endpoint accepts a project_id parameter but does not verify that the project belongs to the authenticated user's organization.
Affected Endpoint:
GET /api/agents/get/project/{project_id} - get_agents_by_project_id at superagi/controllers/agent.py:333
Vulnerability Type: Improper Access Control (CWE-284)
How to replicate your Issue?
Prerequisites:
- Deploy SuperAGI instance with multi-organization support
- Create two organizations: Organization A (victim) and Organization B (attacker)
- Create user accounts in both organizations
- Set up Burp Suite proxy at
127.0.0.1:8080
Reproduction Steps:
-
Setup victim data:
- Log in to SuperAGI as Organization A user
- Create a project with several agents
- Note the
project_id (visible in browser URL or network requests)
-
Capture baseline request:
- Log in to SuperAGI as Organization B user (attacker)
- Navigate to your own project's agent list
- Open browser developer tools (Network tab) or use Burp Suite
- Observe the request to
/api/agents/get/project/{your_project_id}
-
Exploit the vulnerability:
- In Burp Suite Repeater (or modify the request in browser):
- Keep the Organization B user's authentication token/cookie
- Replace
{your_project_id} in the URL path with Organization A's project ID
- Send the GET request
-
Verify the impact:
- The request succeeds with HTTP 200 response
- The response body contains Organization A's agent list with full details
- Organization B user successfully accessed Organization A's agent data without authorization
Upload Error Log Content
No error logs
Where are you using SuperAGI?
Linux
Which branch of SuperAGI are you using?
Main
Do you use OpenAI GPT-3.5 or GPT-4?
GPT-4
Which area covers your issue best?
Agents
Describe your issue.
SuperAGI's agent controller endpoint
/api/agents/get/project/{project_id}allows authenticated users from one organization to retrieve the complete list of agents belonging to a different organization's project. The endpoint accepts aproject_idparameter but does not verify that the project belongs to the authenticated user's organization.Affected Endpoint:
GET /api/agents/get/project/{project_id}-get_agents_by_project_idatsuperagi/controllers/agent.py:333Vulnerability Type: Improper Access Control (CWE-284)
How to replicate your Issue?
Prerequisites:
127.0.0.1:8080Reproduction Steps:
Setup victim data:
project_id(visible in browser URL or network requests)Capture baseline request:
/api/agents/get/project/{your_project_id}Exploit the vulnerability:
{your_project_id}in the URL path with Organization A's project IDVerify the impact:
Upload Error Log Content
No error logs