CVE-2024-6433

Local File Inclusion in stitionai/devika

CVSS 7.5 HIGHEPSS 0.6%CWE-23

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 jul 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshot_path parameter.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

stitionai · stitionai/devika

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://huntr.com/bounties/7d0463dd-6373-4eb8-86fc-beac0a1391a5