Local File Read Vulnerability
Available publicly on Jun 27 2024
Threat Overview
The vulnerability stems from improper input validation in the handling of the 'snapshot_path' parameter within the API endpoint '/api/get-browser-snapshot'. By crafting a request with a manipulated 'snapshot_path' parameter, an attacker can read arbitrary files from the server's filesystem. This could lead to the disclosure of sensitive information, such as system configuration details, credentials stored in files, or any data that the server has access to. The impact is significant as it compromises the confidentiality and integrity of the server's data.
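A defensive check for the missing validation described above, as an added example that is not devika's code or its fix. It assumes snapshots live in one dedicated directory and that the handler should only serve files that resolve inside it; the names `resolve_snapshot_path`, `SnapshotPathError` and `snapshot_dir` are hypothetical, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path


class SnapshotPathError(ValueError):
    """Raised when a requested snapshot path must not be served."""


def resolve_snapshot_path(snapshot_dir, snapshot_path):
    """Return the real path of snapshot_path only if it lies inside snapshot_dir."""
    if not snapshot_path or "\x00" in snapshot_path:
        raise SnapshotPathError("empty or malformed snapshot_path")
    base = Path(snapshot_dir).resolve(strict=True)
    # Joining with an absolute path discards base, so '/etc/passwd' stays
    # '/etc/passwd' here; resolve() then collapses '..' and follows symlinks.
    candidate = (base / snapshot_path).resolve(strict=False)
    if base not in candidate.parents:
        raise SnapshotPathError("snapshot_path escapes snapshot directory")
    if not candidate.is_file():
        raise SnapshotPathError("snapshot not found")
    return candidate


def demo():
    """Run constructed requests against a temporary snapshot directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        snap_dir = Path(root, "snapshots")
        snap_dir.mkdir()
        (snap_dir / "shot1.png").write_bytes(b"png")      # legitimate snapshot
        secret = Path(root, "secret.txt")                 # file outside the directory
        secret.write_text("credentials")
        os.symlink(secret, snap_dir / "link.png")         # symlink pointing outside
        for req in ("shot1.png", "/etc/passwd", "../secret.txt",
                    str(secret), "link.png", "missing.png", ""):
            try:
                resolve_snapshot_path(snap_dir, req)
                results[req] = "served"
            except SnapshotPathError as exc:
                results[req] = "rejected: %s" % exc
    return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print("%-40r %s" % (request, outcome))
```

The check compares resolved paths rather than filtering strings, so absolute paths, `..` segments and symlinks that leave the directory are all rejected by the same test.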
Attack Scenario
An attacker discovers the vulnerable endpoint and crafts a malicious HTTP GET request targeting the '/api/get-browser-snapshot' API. By setting the 'snapshot_path' parameter to the path of a sensitive file (e.g., '/etc/passwd'), the attacker can retrieve the contents of that file. This attack can be performed remotely and does not require authentication, making it particularly dangerous.
Who is affected
All users and administrators of the 'devika' web application by stitionai are affected by this vulnerability. Specifically, systems where the latest version of 'devika' is deployed without any mitigating controls in place are at risk. The vulnerability exposes sensitive files on the server to unauthorized access.
Technical Report