CVE-2024-5549

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5549
A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleting projects or sending messages. The issue arises from the lack of proper origin validation, allowing unauthorized cross-origin requests to be executed. The vulnerability is present in all versions of the repository, as no fixed version has been specified.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2
https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd
https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2
https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd
Configurations

No configuration.

History

21 Nov 2024, 09:47

Type Values Removed Values Added
References () https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 - () https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 -
References () https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd - () https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd -

12 Jul 2024, 08:15

Type Values Removed Values Added
Summary (en) Origin Validation Error in GitHub repository stitionai/devika prior to -. (en) A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleting projects or sending messages. The issue arises from the lack of proper origin validation, allowing unauthorized cross-origin requests to be executed. The vulnerability is present in all versions of the repository, as no fixed version has been specified.

09 Jul 2024, 18:19

Type Values Removed Values Added
Summary
  • (es) Error de validación de origen en el repositorio de GitHub stitionai/devika antes de -.

09 Jul 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-09 00:15

Updated : 2024-11-21 09:47

NVD link : CVE-2024-5549

Mitre link : CVE-2024-5549

CVE.ORG link : CVE-2024-5549

JSON object : View

Products Affected

No product.

CWE
CWE-346

Origin Validation Error


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024