CVE-2024-6331

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to read sensitive local files through prompt injection in the Devika AI assistant. It affects systems running Devika with Google Gemini 1.0 Pro integration where safety settings are disabled. Attackers can exploit this to access files like /etc/passwd.

💻 Affected Systems

Products:
  • stitionai/devika
Versions: main branch up to commit cdfb782b0e634b773b10963c8034dc9207ba1f9f
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires Google Gemini 1.0 Pro integration with HarmBlockThreshold.BLOCK_NONE for hate speech and harassment categories.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive configuration files, SSH keys, or database credentials leading to lateral movement and data exfiltration.

🟠 Likely Case

Unauthorized reading of sensitive system files containing user information, configuration data, or application secrets.

🟢 If Mitigated

Limited impact with proper input validation and safety settings enabled, restricting file access to authorized paths only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit involves prompt injection to bypass file access restrictions. Public bounty details available on huntr.com.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Post-commit cdfb782b0e634b773b10963c8034dc9207ba1f9f

Vendor Advisory: https://huntr.com/bounties/d5ac1051-22fa-42f0-8d82-73267482e60f

Restart Required: Yes

Instructions:

1. Update to latest Devika version.
2. Review and modify safety_settings to use appropriate HarmBlockThreshold values.
3. Restart the Devika service.

🔧 Temporary Workarounds

Enable Safety Settings

all

Configure Google Gemini safety settings to block harmful content instead of using BLOCK_NONE

Modify safety_settings in configuration to use HarmBlockThreshold.BLOCK_ONLY_HIGH or higher for HARM_CATEGORY_HATE_SPEECH and HARM_CATEGORY_HARASSMENT

Input Validation

all

Implement strict input validation to prevent prompt injection attacks

Add input sanitization for user prompts to filter file path references

🧯 If You Can't Patch

  • Disable Google Gemini 1.0 Pro integration temporarily
  • Implement network segmentation to isolate Devika instances from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check if safety_settings use HarmBlockThreshold.BLOCK_NONE for hate speech and harassment categories in Google Gemini configuration

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify that safety_settings use appropriate blocking levels and test that prompt injection attempts are rejected
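The "Check if Vulnerable" step above can be automated with a static scan of the Python source that holds the Gemini configuration. The following is an added example, not code from Devika or from this advisory. It assumes safety_settings is written as a Python literal, either as a mapping of category to threshold or as a list of category/threshold dicts. The function names and the sample input are constructed for illustration.

```python
import ast
import sys

# Categories the advisory names; BLOCK_NONE on either is the vulnerable setting.
WATCHED = {"HARM_CATEGORY_HATE_SPEECH", "HARM_CATEGORY_HARASSMENT"}
# Constructed sample input (not Devika's actual source file).
SAMPLE = '''
safety_settings = {
    HarmCategory.HARM_CATEGORY_HATE_SPEECH: HarmBlockThreshold.BLOCK_NONE,
    HarmCategory.HARM_CATEGORY_HARASSMENT: HarmBlockThreshold.BLOCK_ONLY_HIGH,
    HarmCategory.HARM_CATEGORY_DANGEROUS_CONTENT: HarmBlockThreshold.BLOCK_NONE,
}
legacy = [{"category": "HARM_CATEGORY_HARASSMENT", "threshold": "BLOCK_NONE"}]
'''

def tail(node):
    """Last name component: HarmCategory.X -> 'X', 'X' -> 'X', else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value.rsplit(".", 1)[-1]
    return None

def find_block_none(source):
    """Return sorted (line, category) pairs where a watched category is BLOCK_NONE."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Dict):
            continue
        pairs = [(tail(k), tail(v), v.lineno)
                 for k, v in zip(node.keys, node.values) if k is not None]
        # Form 1: {HarmCategory.X: HarmBlockThreshold.BLOCK_NONE}
        hits.update((ln, k) for k, v, ln in pairs
                    if k in WATCHED and v == "BLOCK_NONE")
        # Form 2: {"category": X, "threshold": "BLOCK_NONE"}
        fields = {k: (v, ln) for k, v, ln in pairs}
        cat, _ = fields.get("category", (None, 0))
        thr, ln = fields.get("threshold", (None, 0))
        if cat in WATCHED and thr == "BLOCK_NONE":
            hits.add((ln, cat))
    return sorted(hits)

if __name__ == "__main__":
    for path in sys.argv[1:] or [None]:
        text = SAMPLE if path is None else open(path, encoding="utf-8").read()
        for line, category in find_block_none(text):
            print(f"{path or '<sample>'}:{line}: {category} set to BLOCK_NONE")
```

Pass one or more source files as arguments to scan them; with no arguments the script scans the constructed sample. Settings built at runtime (for example from environment variables) are not visible to this scan and need a manual review.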

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Devika logs
  • Multiple failed prompt attempts with file path references

Network Indicators:

  • Unexpected outbound connections from Devika instances

SIEM Query:

source="devika" AND ("etc/passwd" OR "file://" OR "../")
