3 matches found
CVE-2026-6614
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...
GHSA-943M-6WX2-RC2J praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...
praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...