High

superagi

User Information Leak via Duplicate Email Registration

A vulnerability in the latest version of the software allows attackers to leak sensitive user information by attempting to register with an email address that is already registered. The issue was identified in the user registration endpoint and has not yet been patched.

Available publicly on Dec 19 2024

7.5

Remediation Steps
  1. Update the user registration endpoint to prevent returning existing user information when a duplicate email is detected.
  2. Implement proper error handling to return a generic error message without exposing sensitive data.
  3. Review and update the code to ensure that sensitive information is not exposed in any other endpoints.
  4. Conduct a thorough security audit to identify and fix similar vulnerabilities.
  5. Inform users about the potential data exposure and recommend changing their passwords.
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A
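
Remediation steps 1 and 2 above, shown as an added example that is not SuperAGI's code: a registration handler that returns the stored record on a duplicate email, beside a hardened one that returns a generic error and only allow-listed fields. The in-memory store, field names, status codes and function names are constructed for illustration.

```python
import hashlib
import os

SENSITIVE = {"password", "name", "organisation_id"}  # constructed field names
USERS = {}  # constructed in-memory store standing in for the user table

def _hash(password: str) -> str:
    # Salted PBKDF2 so the stored value resembles a real password hash.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + ":" + digest.hex()

def _create(payload: dict) -> dict:
    user = {"id": len(USERS) + 1, "email": payload["email"],
            "name": payload["name"], "password": _hash(payload["password"]),
            "organisation_id": 1}
    USERS[payload["email"].lower()] = user
    return user

def register_vulnerable(payload: dict):
    """Pattern the advisory describes: a duplicate email returns the stored record."""
    existing = USERS.get(payload["email"].lower())
    if existing:
        return 200, existing  # anonymous caller receives another user's data
    return 201, _create(payload)

def register_hardened(payload: dict):
    """Steps 1 and 2: generic error on duplicates, allow-listed fields on success."""
    if payload["email"].lower() in USERS:
        return 400, {"detail": "Registration could not be completed."}
    user = _create(payload)
    return 201, {"id": user["id"], "email": user["email"]}

def leaked_fields(body: dict) -> set:
    """Regression check: sensitive keys present in a response body."""
    return SENSITIVE & set(body)

if __name__ == "__main__":
    register_hardened({"email": "alice@example.test", "name": "Alice",
                       "password": "constructed-sample"})
    dup = {"email": "alice@example.test", "name": "x", "password": "x"}
    print("vulnerable:", sorted(leaked_fields(register_vulnerable(dup)[1])))
    print("hardened:  ", sorted(leaked_fields(register_hardened(dup)[1])))
```

A check like `leaked_fields` can be run against every unauthenticated endpoint's responses as part of the review in step 3.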