CVE-2024-5549 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleting projects or sending messages. The issue arises from the lack of proper origin validation, allowing unauthorized cross-origin requests to be executed. The vulnerability is present in all versions of the repository, as no fixed version has been specified.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Stitionai	Devika	1.0

Related Weaknesses (CWE)

CWE-346

References

https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee7Patch
https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afdExploitThird Party Advisory
https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee7Patch
https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afdExploitThird Party Advisory

FAQ

What is CVE-2024-5549?

CVE-2024-5549 is a vulnerability with a CVSS score of 8.1 (HIGH). A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services....

How severe is CVE-2024-5549?

CVE-2024-5549 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-5549?

Check the references section above for vendor advisories and patch information. Affected products include: Stitionai Devika.