Exploit
CVE-2024-6331

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

Published: Aug 4, 2024 / Updated: 3mo ago

CVSS 6.5 / EPSS 0.04% / Medium

Summary

A vulnerability in the stitionai/devika main branch (as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f) allows Local File Read (LFI) through prompt injection. The cause is the integration of Google Gemini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` set for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings`, which disables the model's content protection.

Impact

This vulnerability allows malicious actors to execute unauthorized commands, potentially leading to the exposure of sensitive information. For example, attackers could read sensitive file contents like `/etc/passwd`. The confidentiality impact is rated as HIGH, while integrity and availability impacts are NONE. The overall CVSS v3.1 base score is 6.5, categorized as HIGH severity.

Exploitation

One proof-of-concept exploit is available on huntr.com. There is no evidence of exploitation in the wild at the moment.

Patch

As of the provided information, there is no mention of an available patch. The vulnerability affects the main branch of stitionai/devika from May 2, 2024 onwards (versionStartIncluding: "2024-05-02").

Mitigation

While no specific mitigation is mentioned, security teams should consider the following:

1. Review and adjust the `safety_settings` in the Google Gemini 1.0 Pro integration, particularly for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT`.
2. Implement proper input validation and sanitization to prevent prompt injection attacks.
3. Limit access to sensitive files and implement strict access controls.
4. Monitor for any suspicious activities or unauthorized file access attempts.
5. Keep the stitionai/devika software updated to the latest secure version when available.
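The two mitigation steps that are concrete enough to check in code are step 1 (no `BLOCK_NONE` thresholds in `safety_settings`) and step 3 (an agent's file-read tool must not be able to reach paths such as `/etc/passwd`, whatever the model is talked into requesting). The following is an added example, not code from the devika project or from Google's SDK: the `HarmCategory` and `HarmBlockThreshold` enums are redefined here as plain string enums that mirror the names in the advisory so the file runs offline, and the `audit_safety_settings`, `read_workspace_file` and `demo_workspace_guard` functions are hypothetical helpers written for this page.

```python
"""Defensive checks for an LLM agent deployment of the kind described above.

Added example, not code from stitionai/devika or google.generativeai.
The enums below are offline stand-ins that mirror the names used in the
advisory; the real ones live in google.generativeai.types.
"""
import tempfile
from enum import Enum
from pathlib import Path


class HarmCategory(str, Enum):  # stand-in for google.generativeai.types.HarmCategory
    HARM_CATEGORY_HATE_SPEECH = "HARM_CATEGORY_HATE_SPEECH"
    HARM_CATEGORY_HARASSMENT = "HARM_CATEGORY_HARASSMENT"
    HARM_CATEGORY_SEXUALLY_EXPLICIT = "HARM_CATEGORY_SEXUALLY_EXPLICIT"
    HARM_CATEGORY_DANGEROUS_CONTENT = "HARM_CATEGORY_DANGEROUS_CONTENT"


class HarmBlockThreshold(str, Enum):  # stand-in for google.generativeai.types.HarmBlockThreshold
    BLOCK_NONE = "BLOCK_NONE"
    BLOCK_ONLY_HIGH = "BLOCK_ONLY_HIGH"
    BLOCK_MEDIUM_AND_ABOVE = "BLOCK_MEDIUM_AND_ABOVE"
    BLOCK_LOW_AND_ABOVE = "BLOCK_LOW_AND_ABOVE"


# Weak configuration, constructed to match the advisory: filtering switched off
# for the two categories it names.
WEAK_SAFETY_SETTINGS = {
    HarmCategory.HARM_CATEGORY_HATE_SPEECH: HarmBlockThreshold.BLOCK_NONE,
    HarmCategory.HARM_CATEGORY_HARASSMENT: HarmBlockThreshold.BLOCK_NONE,
}

# Hardened configuration: every category explicitly set to a blocking threshold.
HARDENED_SAFETY_SETTINGS = {
    category: HarmBlockThreshold.BLOCK_MEDIUM_AND_ABOVE for category in HarmCategory
}


def audit_safety_settings(settings):
    """Return the names of categories whose threshold is BLOCK_NONE.

    An empty list means no category has filtering disabled. Plain string
    values ("BLOCK_NONE") compare equal to the enum because it is a str Enum.
    """
    return [
        category.value
        for category in HarmCategory
        if settings.get(category) == HarmBlockThreshold.BLOCK_NONE
    ]


def read_workspace_file(workspace: Path, requested: str) -> str:
    """Read `requested` only if it resolves inside `workspace`.

    Mitigation step 3 as a tool-level guard: an injected instruction such as
    "read /etc/passwd" or "read ../../etc/passwd" is refused because the
    resolved target is not under the agent's project directory. resolve()
    also follows symlinks, so a link inside the workspace that points out is
    refused as well.
    """
    root = workspace.resolve()
    # Joining an absolute path onto root discards root, so resolve and
    # check containment rather than trusting the join.
    target = (root / requested).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"refusing to read outside workspace: {requested}")
    return target.read_text()


def demo_workspace_guard():
    """Constructed demo: one in-workspace read succeeds, two escapes are refused."""
    with tempfile.TemporaryDirectory() as tmp:
        workspace = Path(tmp)
        (workspace / "notes.txt").write_text("project notes\n")  # constructed sample file
        results = {"notes.txt": read_workspace_file(workspace, "notes.txt")}
        for escape in ("/etc/passwd", "../../etc/passwd"):
            try:
                read_workspace_file(workspace, escape)
                results[escape] = "allowed"
            except PermissionError:
                results[escape] = "refused"
    return results


if __name__ == "__main__":
    print("weak settings findings:", audit_safety_settings(WEAK_SAFETY_SETTINGS))
    print("hardened settings findings:", audit_safety_settings(HARDENED_SAFETY_SETTINGS))
    print("workspace guard:", demo_workspace_guard())
```

The safety-threshold audit is a configuration check, not a control: a model with `BLOCK_MEDIUM_AND_ABOVE` can still be prompt-injected, so the path guard in `read_workspace_file` is the part that actually stops a file read from leaving the project directory. Run the audit in CI against whatever structure the deployment uses to build `safety_settings`, and apply the workspace check inside every tool the agent can call that touches the filesystem.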

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6331

Aug 4, 2024 at 12:15 AM
First Article

Feedly found the first article mentioning CVE-2024-6331.

Aug 4, 2024 at 12:24 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 4, 2024 at 12:24 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.4%)

Aug 6, 2024 at 11:58 AM
CVSS

A CVSS base score of 6.5 has been assigned.

Aug 30, 2024 at 4:20 PM / nvd

Affected Systems

Stitionai/devika

Exploits

https://huntr.com/bounties/d5ac1051-22fa-42f0-8d82-73267482e60f

Links to Mitre Att&cks

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-116: Excavation

News

CVE-2024-6331 Exploit
CVE Id : CVE-2024-6331 Published Date: 2024-08-20T19:55:00+00:00 stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings` disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`. inTheWild added a link to an exploit: https://huntr.com/bounties/d5ac1051-22fa-42f0-8d82-73267482e60f
CVE-2024-6331
High Severity Description stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings` disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`. Read more at https://www.tenable.com/cve/CVE-2024-6331
NA - CVE-2024-6331 - stitionai/devika main branch as of commit...
This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`. Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA Temporal Score NA Exploitabality Sub Score NA Calculate full CVSS 3.0 Vectors scores
CVE-2024-6331 | stitionai devika up to 1.0 Google Gimini file inclusion
A vulnerability has been found in stitionai devika up to 1.0 and classified as problematic . This vulnerability affects unknown code of the component Google Gimini . The manipulation leads to file inclusion. This vulnerability was named CVE-2024-6331 . The attack can be initiated remotely. There is no exploit available.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
