Lucene search
MitreVULNRICHMENT:CVE-2024-40422HistoryJul 24, 2024 - 12:00 a.m.
CVE-2024-40422
2024-07-2400:00:00
mitre
github.com
3
path traversal attack
api endpoint
sensitive files
unauthorized access
confidentiality
integrity
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:stitionai:devika:1.0:*:*:*:*:*:*:*"
],
"vendor": "stitionai",
"product": "devika",
"versions": [
{
"status": "affected",
"version": "1.0"
}
],
"defaultStatus": "unknown"
}
]Related
exploitdb
exploitdb
Devika v1 - Path Traversal via 'snapshot_path'
2024-08-04 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Stitionai Devika
2024-08-06 07:09:47
Exploit for Path Traversal in Stitionai Devika
2024-07-03 21:43:15
Exploit for Path Traversal in Stitionai Devika
2024-08-05 22:21:06
nvd
nvd
CVE-2024-40422
2024-07-24 16:15:07
packetstorm
packetstorm
Devika 1 Path Traversal
2024-08-05 00:00:00
cvelist
cvelist
CVE-2024-40422
2024-07-24 00:00:00
cve
cve
CVE-2024-40422
2024-07-24 16:15:07
nuclei
nuclei
Devika v1 - Path Traversal
2024-08-05 17:49:38
zdt
zdt
Devika v1 - Path Traversal via (snapshot_path) Exploit
2024-08-04 00:00:00
openvas
openvas
AI Score
6.6
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-40422