Lucene search

CVE-2024-40422

🗓️ 24 Jul 2024 16:07:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 85 Views🌐 WEB

The snapshot_path parameter in stitionai devika v1 is susceptible to a path traversal attack, leading to unauthorized access to critical system file

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 11
Exploit DB	Devika v1 - Path Traversal via 'snapshot_path'	4 Aug 202400:00	–	exploitdb
GithubExploit	Exploit for Path Traversal in Stitionai Devika	6 Aug 202407:09	–	githubexploit
GithubExploit	Exploit for Path Traversal in Stitionai Devika	5 Aug 202422:21	–	githubexploit
GithubExploit	Exploit for Path Traversal in Stitionai Devika	3 Jul 202421:43	–	githubexploit
Cvelist	CVE-2024-40422	24 Jul 202400:00	–	cvelist
Vulnrichment	CVE-2024-40422	24 Jul 202400:00	–	vulnrichment
0day.today	Devika v1 - Path Traversal via (snapshot_path) Exploit	4 Aug 202400:00	–	zdt
Nuclei	Devika v1 - Path Traversal	5 Aug 202417:49	–	nuclei
NVD	CVE-2024-40422	24 Jul 202416:15	–	nvd
Packet Storm	Devika 1 Path Traversal	5 Aug 202400:00	–	packetstorm

Nvd

Node

stitionai devikaMatch1.0

Source	Link
github	www.github.com/stitionai/devika
medium	www.medium.com/@alpernae/uncovering-path-traversal-in-devika-v1-a-deep-dive-into-cve-2024-40422-f8ce81398b99
github	www.github.com/stitionai/devika/pull/619
github	www.github.com/alpernae/CVE-2024-40422

Parameter	Position	Path	Description	CWE
snapshot_path	query param	/api/get-browser-snapshot	The snapshot_path parameter is susceptible to a path traversal attack, allowing access to sensitive files on the server.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Jul 2024 16:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS39.1

EPSS0.87981

SSVC

CWE-22