CVE-2024-5712

8.1 HIGH

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in the stitionai/devika application allows attackers to trick authenticated users into performing unauthorized actions like deleting projects or changing settings. This affects all users of the latest version of devika who have authenticated sessions. The vulnerability exists because the application lacks CSRF protection mechanisms.

💻 Affected Systems

Products:
  • stitionai/devika
Versions: Latest version (specific version not specified in CVE)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of devika that do not implement CSRF protection. Exploitation requires the victim to hold an authenticated session.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete data loss through mass project deletion, application configuration corruption, and potential account takeover if settings changes enable further attacks.

🟠 Likely Case

Targeted deletion of specific projects or modification of application settings causing service disruption and data integrity issues.

🟢 If Mitigated

No impact if proper CSRF tokens or same-site cookie policies are implemented and validated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated and visit a malicious page. The vulnerability is well-documented in the huntr.com references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check huntr.com advisory for specific patched version

Vendor Advisory: https://huntr.com/bounties/301aeafb-af28-4b0b-a2cf-9a2ff1da1ef4

Restart Required: Yes

Instructions:

1. Check the huntr.com advisory for patch details.
2. Update to the patched version of devika.
3. Restart the application.
4. Verify CSRF protection is enabled.

🔧 Temporary Workarounds

Implement CSRF Tokens (Platform: all)

Add CSRF token validation to all state-changing endpoints.

# Modify application code to generate and validate unique CSRF tokens per session

SameSite Cookie Attribute (Platform: all)

Set SameSite=Strict or Lax on session cookies.

# Configure web server or application to set SameSite attribute on cookies
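The two workarounds above combined into one piece of working code, as an added example that is not devika's own code or part of the huntr advisory. It is a framework-agnostic WSGI middleware (so it could wrap a Flask or any other WSGI app) that rejects every non-safe request unless it carries the per-session synchronizer token and an Origin/Referer matching the application's own origin, and that appends SameSite=Lax to any cookie the wrapped app sets. The cookie name `session`, the header `X-CSRF-Token`, the origin `http://localhost:1337`, and the route `/api/delete-project` are assumptions for illustration. The `send()` helper at the bottom drives the middleware with constructed requests and doubles as the "Check if Vulnerable" / "Verify Fix Applied" test from the How to Verify section: a state-changing request without a token must come back 403.

```python
import hmac
import io
import secrets
from urllib.parse import parse_qs, urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
SESSION_COOKIE = "session"         # assumed session cookie name
CSRF_FIELD = "csrf_token"          # assumed form field name
CSRF_HEADER = "HTTP_X_CSRF_TOKEN"  # WSGI key for an assumed X-CSRF-Token header

# Per-session token store: in-memory for the example; a real deployment keeps
# the token inside the server-side session so it dies with the session.
_tokens = {}


def issue_token(session_id):
    """Return the CSRF token bound to a session, minting one on first use."""
    if session_id not in _tokens:
        _tokens[session_id] = secrets.token_urlsafe(32)
    return _tokens[session_id]


def _cookies(environ):
    out = {}
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            out[name] = value
    return out


def _submitted_token(environ):
    """Token from the X-CSRF-Token header, else from a urlencoded form body."""
    if environ.get(CSRF_HEADER):
        return environ[CSRF_HEADER]
    if environ.get("CONTENT_TYPE", "").startswith("application/x-www-form-urlencoded"):
        body = environ["wsgi.input"].read(int(environ.get("CONTENT_LENGTH") or 0))
        environ["wsgi.input"] = io.BytesIO(body)  # let the wrapped app read the body again
        return parse_qs(body.decode()).get(CSRF_FIELD, [None])[0]
    return None


def _origin_matches(environ, allowed_origin):
    """Unsafe requests must carry an Origin (or Referer) equal to our own origin; none at all is rejected."""
    src = environ.get("HTTP_ORIGIN") or environ.get("HTTP_REFERER")
    if not src:
        return False
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == allowed_origin  # exact match, so localhost:13370 does not pass


def csrf_middleware(app, allowed_origin):
    def wrapped(environ, start_response):
        if environ.get("REQUEST_METHOD", "GET").upper() not in SAFE_METHODS:
            expected = _tokens.get(_cookies(environ).get(SESSION_COOKIE, ""))
            submitted = _submitted_token(environ)
            ok = (expected is not None and submitted is not None
                  and hmac.compare_digest(expected, submitted)   # constant-time compare
                  and _origin_matches(environ, allowed_origin))
            if not ok:
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"CSRF check failed"]

        def start_with_samesite(status, headers, exc_info=None):
            # Second layer: every cookie the app sets gets SameSite unless it already carries one.
            fixed = []
            for name, value in headers:
                if name.lower() == "set-cookie" and "samesite=" not in value.lower():
                    value += "; SameSite=Lax"
                fixed.append((name, value))
            return start_response(status, fixed, exc_info)

        return app(environ, start_with_samesite)
    return wrapped


def demo_app(environ, start_response):
    """Stand-in for a state-changing endpoint (the route name is hypothetical)."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", f"{SESSION_COOKIE}=abc; HttpOnly")])
    return [b"project deleted"]


APP_ORIGIN = "http://localhost:1337"  # assumed origin of the devika UI
protected = csrf_middleware(demo_app, APP_ORIGIN)


def send(method, path, session=None, token=None, origin=None):
    """Drive the middleware with a constructed WSGI environ; returns (status, headers)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": "0", "wsgi.input": io.BytesIO(b"")}
    if session:
        environ["HTTP_COOKIE"] = f"{SESSION_COOKIE}={session}"
    if token:
        environ["HTTP_X_CSRF_TOKEN"] = token
    if origin:
        environ["HTTP_ORIGIN"] = origin
    result = {}

    def start_response(status, headers, exc_info=None):
        result["status"], result["headers"] = status, headers

    b"".join(protected(environ, start_response))
    return result["status"], result["headers"]


if __name__ == "__main__":
    tok = issue_token("abc")
    print(send("POST", "/api/delete-project", session="abc")[0])                                   # 403 Forbidden
    print(send("POST", "/api/delete-project", session="abc", token=tok, origin=APP_ORIGIN)[0])     # 200 OK
    print(send("POST", "/api/delete-project", session="abc", token=tok, origin="https://attacker.example")[0])  # 403 Forbidden
```

The token check alone already closes the hole; the origin check and the SameSite attribute are defence in depth, which matters because the SameSite default differs between browsers and Lax still lets top-level GET navigations through, so GET must never change state.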

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with CSRF protection rules
  • Restrict application access to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Test if state-changing endpoints (POST, PUT, DELETE) accept requests without CSRF tokens when authenticated

Check Version:

# Check devika version in application interface or configuration files

Verify Fix Applied:

Verify that state-changing endpoints now require and validate CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple state-changing requests from same user in rapid succession
  • Unusual project deletion patterns

Network Indicators:

  • Requests to state-changing endpoints with a missing or non-matching Origin/Referer header
  • Cross-origin requests to authenticated endpoints

SIEM Query:

source="devika" AND (action="delete" OR action="update") AND user=* | stats count by src_ip, user
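The log and network indicators listed above, implemented as a small offline detector; this is an added example, not part of the advisory or of devika. It assumes a constructed key=value access-log format (timestamp, src_ip, user, method, path, origin, referer, with `-` for an absent header) and the application origin `http://localhost:1337`; devika's real log format may differ. It raises three kinds of finding: a state-changing request whose Origin/Referer names a foreign site, one that carries neither header, and a user issuing a burst of state-changing requests inside a sliding window, which is the "rapid succession" pattern the SIEM query above counts.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")

# Constructed sample log lines (not real devika output): alice's first POST is a
# legitimate same-origin action; the next three come from a foreign origin, one
# carries no origin at all, and together they form a burst.
SAMPLE_LOG = """\
2024-06-01T12:00:00Z src_ip=198.51.100.7 user=alice method=GET path=/api/projects origin=- referer=http://localhost:1337/
2024-06-01T12:00:05Z src_ip=198.51.100.7 user=alice method=POST path=/api/delete-project origin=http://localhost:1337 referer=-
2024-06-01T12:01:00Z src_ip=198.51.100.7 user=alice method=POST path=/api/delete-project origin=https://evil.example referer=https://evil.example/page
2024-06-01T12:01:01Z src_ip=198.51.100.7 user=alice method=POST path=/api/delete-project origin=https://evil.example referer=-
2024-06-01T12:01:02Z src_ip=198.51.100.7 user=alice method=POST path=/api/delete-project origin=https://evil.example referer=-
2024-06-01T12:01:03Z src_ip=198.51.100.7 user=alice method=POST path=/api/settings origin=- referer=-
2024-06-01T12:30:00Z src_ip=203.0.113.9 user=bob method=PUT path=/api/settings origin=http://localhost:1337 referer=-
"""


def parse_line(line):
    """Parse one key=value log line into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def _site(url):
    """scheme://host[:port] of a URL, or None when the header was absent ('-')."""
    if not url or url == "-":
        return None
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"


def analyze(log_text, app_origin, window_seconds=60, threshold=4):
    """Return {'cross_origin': [...], 'no_origin': [...], 'burst': [...]} over the log."""
    findings = {"cross_origin": [], "no_origin": [], "burst": []}
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("method") not in UNSAFE_METHODS:
            continue  # only state-changing requests matter for CSRF
        per_user[rec["user"]].append(rec["ts"])
        site = _site(rec.get("origin")) or _site(rec.get("referer"))
        if site is None:
            findings["no_origin"].append(rec)
        elif site != app_origin:
            findings["cross_origin"].append(rec)
    # Burst detection: largest number of unsafe requests by one user within any window.
    for user, times in per_user.items():
        times.sort()
        lo, best = 0, 0
        for hi in range(len(times)):
            while (times[hi] - times[lo]).total_seconds() > window_seconds:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            findings["burst"].append({"user": user, "count": best})
    return findings


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG, "http://localhost:1337")
    for kind, items in result.items():
        print(kind, len(items))
    for rec in result["cross_origin"]:
        print("cross-origin", rec["user"], rec["path"], rec.get("origin"))
```

A missing Origin and Referer on a state-changing request is not proof of CSRF (some privacy settings and non-browser clients strip both), so it is worth a lower-severity alert than a request that names a foreign site outright; the burst rule catches the mass-deletion case from the Worst Case section even when the headers have been stripped.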
