CVE-2024-1879 – A Cross-Site Request Forgery (CSRF) vulnerabili... (How to Fix)

Q: What is the severity of CVE-2024-1879?

CVE-2024-1879 has a CVSS score of 8.8 (HIGH). A Cross-Site Request Forgery (CSRF) vulnerability in AutoGPT v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server by tricking users into visiting malicious websites. The vulnerability affects users running AutoGPT in their local network with default CORS settings. Attackers can exploit this to run commands on the victim's AutoGPT instance.

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in AutoGPT v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server by tricking users into visiting malicious websites. The vulnerability affects users running AutoGPT in their local network with default CORS settings. Attackers can exploit this to run commands on the victim's AutoGPT instance.

💻 Affected Systems

Products:

significant-gravitas/autogpt

Versions: v0.5.0 and earlier

Operating Systems: All platforms running AutoGPT

Default Config Vulnerable: ⚠️ Yes

Notes: Default CORS settings allow arbitrary origins, exacerbating the vulnerability. Requires AutoGPT server to be running and accessible.

📦 What is this software?

Autogpt Classic by Agpt

View all CVEs affecting Autogpt Classic →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the AutoGPT server allowing arbitrary command execution, data exfiltration, and potential lateral movement within the network.

🟠

Likely Case

Unauthorized command execution on the AutoGPT server, potentially leading to data manipulation, system compromise, or resource abuse.

🟢

If Mitigated

Limited impact with proper CSRF protections and CORS restrictions in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction and local network access, but CORS misconfiguration increases exposure.

🏢 Internal Only: HIGH - Local network users are primary targets, and default configuration makes exploitation straightforward.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction (visiting malicious site) but is technically simple. References show detailed exploitation methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.1

Vendor Advisory: https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669

Restart Required: Yes

Instructions:

1. Update AutoGPT to version 5.1 or later. 2. Restart the AutoGPT service. 3. Verify CSRF protections are enabled and CORS is properly configured.

🔧 Temporary Workarounds

Disable CORS for arbitrary origins

all

Restrict CORS to trusted origins only to prevent cross-site request reading

Configure CORS settings in AutoGPT configuration to allow only specific trusted domains

Implement CSRF tokens

all

Add CSRF token validation to API endpoints

Implement anti-CSRF middleware that validates tokens on all state-changing requests

🧯 If You Can't Patch

Isolate AutoGPT instances to separate network segments with strict access controls
Implement web application firewall rules to block cross-origin requests to AutoGPT API endpoints

🔍 How to Verify

Check if Vulnerable:

Check if running AutoGPT version 0.5.0 or earlier and verify CORS allows arbitrary origins in configuration

Check Version:

Check AutoGPT version in application interface or configuration files

Verify Fix Applied:

Verify AutoGPT version is 5.1 or later and test that CSRF tokens are required for API requests

📡 Detection & Monitoring

Log Indicators:

Unusual API requests from external origins
Command execution logs showing unexpected operations
Failed CSRF token validation attempts

Network Indicators:

Cross-origin requests to AutoGPT API endpoints
Malicious website traffic patterns targeting internal AutoGPT instances

SIEM Query:

source_ip IN (external_ips) AND dest_port=AutoGPT_port AND http_user_agent CONTAINS 'malicious' OR http_referer CONTAINS 'suspicious_domain'

📊 Metadata

CVE ID: CVE-2024-1879

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-352

Published: June 6, 2024

Last Updated: August 5, 2025

🔗 References

https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669 Patch
https://huntr.com/bounties/125c2d0c-0481-4e5c-ae90-fec263acdf32 Exploit,Third Party Advisory
https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669 Patch
https://huntr.com/bounties/125c2d0c-0481-4e5c-ae90-fec263acdf32 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-1879, you might also want to check these: