Theprimetime

**Name of the Vulnerable Software and Affected Versions** Cognition Devin versions prior to 2024-12-12 **Description** The issue allows an attacker to gain write access to code if they discover the URL https://vscode-randomly generated string.devinapps.com (also known as the VSCode live share URL) for a specific "Use Devin's Machine" session. This URL may be discovered if a customer posts a screenshot of a Devin session to social media or publicly streams their Devin session. **Recommendations** For versions prior to 2024-12-12, consider restricting access to the `https://vscode-randomly generated string.devinapps.com` URL to prevent unauthorized write access to code. As a temporary workaround, avoid publicly sharing or streaming Devin sessions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.