CVE-2024-56083 Information

Description

Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific �se Devin’s Machine\ session. For example this URL may be discovered if a customer posts a screenshot of a Devin session to social media or publicly streams their Devin session.

Reference

https://news.ycombinator.com/item?id=42420423 https://trust.cognition.ai https://www.youtube.com/watch?v=927W6zzvV-c https://x.com/cognition_labs/status/1867351521035530698