Description
PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.
Problem types
Exposure of Sensitive Information to an Unauthorized Actor
Product status
Any version before 1.7.3
1.7.3 (semver)
Credits
dinhvaren
References
github.com/...isonAI/security/advisories/GHSA-6wjp-v33h-5cvq
github.com/...isonAI/security/advisories/GHSA-6wjp-v33h-5cvq (GitHub Security Advisory (GHSA-6wjp-v33h-5cvq))
www.vulncheck.com/...ated-agent-access-via-insecure-defaults (VulnCheck Advisory: PraisonAI before 1.7.3 Unauthenticated Agent Access via Insecure Defaults)