Description

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist.

INFO

Published Date :

2024-09-11T12:49:07.293Z

Last Modified :

2024-09-11T18:23:23.728Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6091 vulnerability.

Vendors Products
Agpt
  • Autogpt Classic
Significant-gravitas
  • Autogpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6091.

URL Resource
https://github.com/significant-gravitas/autogpt/commit/ef691359b774a1f9f80cf4f5ace9821967b718ed cve-icon cve-icon
https://huntr.com/bounties/8a742c13-bb5e-4bc9-8b86-049d8a386050 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact