CVE-2024-5549

Name of the Vulnerable Software and Affected Versions stitionai/devika repository (affected versions not specified)

Description The issue is caused by a CORS misconfiguration, which allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. Attackers can also perform actions on behalf of the user, including deleting projects or sending messages, due to the lack of proper origin validation. This enables unauthorized cross-origin requests to be executed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.