CVE-2024-5712 HIGH

CVE-2024-5712: CSRF Vulnerability in stitionai/devika

Vendor Stitionai
Product stitionai/devika
Weakness CWE-352 · CSRF
Published June 28, 2024
Last update August 1, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity High
Availability High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. The application implements no CSRF protection, so an attacker can cause unauthorized actions, such as deleting projects or changing application settings, to be performed in the context of a victim's browser. Successful exploitation disrupts the integrity and availability of the application and its data.

Key dates

02 Disclosure timeline

June 28, 2024 CVE published
August 1, 2024 Record updated