CVE-2024-56083

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 125

Summary

CVE-2024-56083 is a newly disclosed vulnerability affecting Cognition Devin before December 12, 2024. This issue grants attackers write access to the codebase of a specific "Use Devin's Machine" session, which can be discovered through the VSCode live share URL. Such URLs might be exposed if customers share screenshots of their sessions on social media or stream them publicly. Exploitation of this vulnerability could potentially lead to serious code injection attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1otAQf
https://www.cve.org/CVERecord?id=CVE-2024-56083
https://nvd.nist.gov/vuln/detail/CVE-2024-56083

Back to Vulnerability Database

CVE-2024-56083

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations