CVE-2024-56083

Name of the Vulnerable Software and Affected Versions Cognition Devin versions prior to 2024-12-12

Description The issue allows an attacker to gain write access to code if they discover the URL https://vscode-randomly generated string.devinapps.com (also known as the VSCode live share URL) for a specific "Use Devin's Machine" session. This URL may be discovered if a customer posts a screenshot of a Devin session to social media or publicly streams their Devin session.

Recommendations For versions prior to 2024-12-12, consider restricting access to the https://vscode-randomly generated string.devinapps.com URL to prevent unauthorized write access to code. As a temporary workaround, avoid publicly sharing or streaming Devin sessions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.