CVE-2024-6331 in devika

Summary

by MITRE • 08/04/2024

stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gemini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings` disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`.


Analysis

by VulDB Data Team • 08/21/2024

The vulnerability identified as CVE-2024-6331 represents a critical local file read vulnerability within the stitionai/devika application, specifically affecting the main branch up to commit cdfb782b0e634b773b10963c8034dc9207ba1f9f. This flaw emerges from the application's integration with the Google Gemini 1.0 Pro API, where improper safety configuration creates a dangerous attack surface that allows for prompt injection attacks. The vulnerability stems from the application's failure to properly validate and sanitize user inputs before processing them through the AI integration, creating an environment where malicious actors can manipulate the system to read arbitrary files from the local filesystem.

The technical implementation of this vulnerability occurs through the specific configuration of safety settings within the Google Gemini API integration. When the application sets `HarmBlockThreshold.BLOCK_NONE` for both `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT`, it effectively disables critical content filtering mechanisms that would normally prevent malicious prompt injection attempts. This configuration creates a pathway where user-supplied inputs can bypass standard security controls and directly influence the AI's response generation process. The vulnerability manifests when an attacker crafts a prompt that includes file path references, such as `/etc/passwd`, which the AI system then processes without proper safeguards, resulting in unauthorized file access and potential information disclosure.

The operational impact of CVE-2024-6331 extends beyond simple information disclosure to encompass full system compromise capabilities. Attackers can leverage this vulnerability to read sensitive system files including but not limited to `/etc/passwd`, `/etc/shadow`, configuration files, and potentially database credentials stored on the system. This represents a severe escalation from a simple information disclosure vulnerability to a full system reconnaissance and privilege escalation vector. The vulnerability's classification aligns with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-73 (External Control of File Name or Path) while also demonstrating characteristics consistent with ATT&CK technique T1059.001 (Command and Scripting Interpreter: PowerShell) and T1078 (Valid Accounts) through the potential for privilege escalation and lateral movement within the compromised system.

Mitigation strategies for CVE-2024-6331 require immediate attention to the API integration configuration and input validation mechanisms. The primary remediation involves adjusting the Google Gemini API safety settings to implement appropriate harm block thresholds rather than disabling them entirely. Security controls should include comprehensive input sanitization and validation, strict path validation for any user-supplied file references, and proper access controls for file system operations. Organizations should also apply the principle of least privilege to the application's file system access, ensuring that the application can only access necessary files and directories. Additionally, network-level controls such as firewalls and intrusion detection systems should be configured to monitor for unusual file access patterns, and regular security audits should validate that the API integration maintains appropriate safety configurations to prevent similar vulnerabilities from emerging in future updates.
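The strict path validation named above can be enforced at the point where an agent's file-read request reaches the filesystem, whatever the model was prompted to do. The following is an added example, not code from devika; the function names, the workspace layout and the requested paths are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathNotAllowed(Exception):
    """Raised when a model-requested path falls outside the workspace."""


def resolve_in_workspace(workspace: str, requested: str) -> Path:
    """Return the real path of `requested` if it stays inside `workspace`."""
    if "\x00" in requested:
        raise PathNotAllowed("NUL byte in path")
    root = Path(workspace).resolve(strict=True)
    # Joining with an absolute path such as /etc/passwd discards `root`,
    # so containment is checked on the fully resolved result, which also
    # follows symlinks and collapses ".." components.
    candidate = (root / requested).resolve(strict=False)
    if candidate != root and root not in candidate.parents:
        raise PathNotAllowed(f"{requested!r} escapes the workspace")
    return candidate


def read_for_agent(workspace: str, requested: str, max_bytes: int = 65536) -> str:
    """File-read tool for the agent: confined, regular files only, size-capped."""
    path = resolve_in_workspace(workspace, requested)
    if not path.is_file():
        raise PathNotAllowed(f"{requested!r} is not a regular file")
    with open(path, "rb") as fh:
        return fh.read(max_bytes).decode("utf-8", errors="replace")


def demo() -> dict:
    """Run constructed requests against a throwaway workspace."""
    results = {}
    with tempfile.TemporaryDirectory() as ws:
        Path(ws, "app.py").write_text("print('hello')\n")
        os.symlink("/etc", os.path.join(ws, "link"))  # symlink inside workspace
        for req in ["app.py", "/etc/passwd", "../../etc/passwd", "link/passwd"]:
            try:
                read_for_agent(ws, req)
                results[req] = "allowed"
            except PathNotAllowed:
                results[req] = "blocked"
    return results


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

The check and the open are separate steps, so a process that can modify the workspace concurrently could still race them. Running the application under an account that cannot read sensitive files, as the least-privilege recommendation above describes, covers that gap.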

Responsible: @huntr Ai
Reservation: 06/25/2024
Disclosure: 08/04/2024
Moderation: accepted
CPE: ready
EPSS: 0.00496
KEV: no
Activities: very low
