Severity: High

Package: devika

Local File Read Vulnerability

A local file read vulnerability was identified in the web application 'devika' by stitionai, affecting the latest version. The vulnerability allows an attacker to read arbitrary files from the system by manipulating the 'snapshot_path' parameter in a specific API request. There is no fixed version mentioned, indicating the issue might still be unresolved.

Available publicly on Jun 27 2024

CVSS score: 7.5

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit: ranjit-git

Remediation Steps
  • Ensure input validation is properly implemented for all user-supplied data, especially for file paths.
  • Employ a whitelist approach to limit the files that can be accessed through the 'snapshot_path' parameter.
  • Update the application to a version where the vulnerability is patched, once available.
  • As a temporary measure, restrict access to the vulnerable endpoint or disable it if not in use.
  • Regularly audit and monitor access logs for suspicious activities that might indicate exploitation attempts.
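The first two remediation steps (validate the file path, allowlist what can be read) can be implemented with a single resolver that maps the untrusted 'snapshot_path' value onto a fixed snapshot directory and refuses anything that lands outside it. The code below is an added example, not devika's own handler; it assumes a snapshot directory (created as a temporary directory here) and that legitimate snapshots are PNG files, both of which are assumptions for illustration.

```python
import tempfile
from pathlib import Path

# Constructed sample: a temporary snapshot directory holding one legitimate file.
SNAPSHOT_ROOT = Path(tempfile.mkdtemp(prefix="snapshots-"))
(SNAPSHOT_ROOT / "run-1.png").write_bytes(b"\x89PNG constructed sample")

# Assumption: snapshots are PNG images, so only that suffix is served.
ALLOWED_SUFFIXES = {".png"}


class InvalidSnapshotPath(ValueError):
    """Raised when a user-supplied snapshot_path fails validation."""


def resolve_snapshot_path(user_value: str, root: Path = SNAPSHOT_ROOT) -> Path:
    """Map the untrusted 'snapshot_path' parameter to a file under root.

    Rejects empty or NUL-containing values, absolute paths, any path that
    escapes root after normalisation (resolve() follows symlinks, so a link
    pointing outside root is caught too), and any file type not allowlisted.
    The vulnerable pattern this replaces is an unguarded open(user_value).
    """
    if not user_value or "\x00" in user_value:
        raise InvalidSnapshotPath("empty value or embedded NUL byte")
    candidate = Path(user_value)
    if candidate.is_absolute():
        raise InvalidSnapshotPath("absolute paths are not allowed")

    root_resolved = root.resolve()
    target = (root_resolved / candidate).resolve()

    # Containment check: the resolved target must be a descendant of root.
    if root_resolved not in target.parents:
        raise InvalidSnapshotPath("path escapes the snapshot directory")
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        raise InvalidSnapshotPath("file type is not allowlisted")
    if not target.is_file():
        raise InvalidSnapshotPath("no such snapshot")
    return target


def read_snapshot(user_value: str) -> bytes:
    """What a hardened endpoint handler would call instead of open(user_value)."""
    return resolve_snapshot_path(user_value).read_bytes()


def is_valid_snapshot_path(user_value: str) -> bool:
    """Boolean wrapper, convenient for request pre-checks and for testing."""
    try:
        resolve_snapshot_path(user_value)
        return True
    except InvalidSnapshotPath:
        return False


if __name__ == "__main__":
    for value in ["run-1.png", "../outside.txt", "/etc/hostname", "missing.png"]:
        print(f"{value!r}: {'accepted' if is_valid_snapshot_path(value) else 'rejected'}")
```

Resolving both the root and the joined candidate before comparing is what makes the check robust: string-prefix comparisons on the raw value miss `..` sequences, mixed separators and symlinks, whereas comparing fully resolved paths does not. Pairing that containment check with a suffix allowlist means that even a file that happens to live inside the snapshot directory is only served if it is the kind of file the endpoint is meant to return.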

Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A