CORS Misconfiguration Leading to Data Leak
A Cross-Origin Resource Sharing (CORS) misconfiguration in the Devika platform allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys. The vulnerability also enables attackers to perform actions on behalf of the user, like deleting projects or sending messages. The affected version is not specified, and there is no mention of a patched version.
Available publicly on Jul 09 2024
Threat Overview
The vulnerability arises from a misconfiguration in the CORS policy of the Devika platform, which fails to validate the origin of HTTP requests properly. This oversight allows malicious websites to perform actions and access data on behalf of users without their consent. The impact is significant as it compromises the confidentiality and integrity of sensitive information and can lead to unauthorized actions being performed on the platform.
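The origin check described above can be sketched as follows. This is an added example, not code from Devika or from the advisory: the reflecting policy stands in for an assumed form of the weakness, and the allowlisted origins, function names and probe values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed front-end origins for illustration; not taken from Devika's configuration.
ALLOWED_ORIGINS = frozenset({"http://localhost:3000", "http://127.0.0.1:3000"})

# Constructed Origin header values for checking a policy.
PROBES = [
    "http://localhost:3000",
    "https://untrusted.example",
    "http://localhost:3000.untrusted.example",  # allowed origin used as a prefix
    "http://localhost:3000@untrusted.example",  # allowed origin in the userinfo part
    "null",                                     # sandboxed frames and file:// pages
]

def permissive_cors_headers(origin):
    """Weak policy: echo any Origin back, so every site may read responses."""
    return {"Access-Control-Allow-Origin": origin} if origin else {}

def normalize_origin(origin):
    """Return canonical scheme://host[:port], or None if not a plain web origin."""
    try:
        parts = urlsplit(origin or "")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return None
    default_port = {"http": 80, "https": 443}[parts.scheme]
    suffix = f":{port}" if port and port != default_port else ""
    return f"{parts.scheme}://{parts.hostname.lower()}{suffix}"

def strict_cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Hardened policy: exact match against an allowlist, never a reflection."""
    headers = {"Vary": "Origin"}  # keep caches from reusing a per-origin answer
    normalized = normalize_origin(origin)
    if normalized in allowed:
        headers["Access-Control-Allow-Origin"] = normalized
    return headers

def audit(policy, probes=PROBES):
    """Return the probe origins that the policy would allow to read responses."""
    return [o for o in probes if "Access-Control-Allow-Origin" in policy(o)]

if __name__ == "__main__":
    print("permissive allows:", audit(permissive_cors_headers))
    print("strict allows:    ", audit(strict_cors_headers))
```

Running audit() against a deployment's real header logic gives a quick regression check: only origins on the allowlist should ever appear in the result.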
Attack Scenario
An attacker sets up a malicious website containing a script designed to send requests to the Devika platform on behalf of the user. When a user visits this malicious site, the script executes, sending requests to the Devika platform and then forwarding the response, which contains sensitive information, back to the attacker. This scenario can also be extended to perform actions such as creating or deleting projects and sending messages, exploiting the same CORS misconfiguration.
Who is affected
Users of the Devika platform are directly affected by this vulnerability as their sensitive information can be stolen and unauthorized actions can be performed on their behalf. Additionally, organizations using Devika for project management and communication may also be indirectly affected due to the potential compromise of their data and operations.