Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-CQH9-JFQR-H9JJ
HistoryMay 16, 2024 - 9:33 a.m.

Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability

2024-05-1609:33:09
CWE-918
GitHub Advisory Database
github.com
8
weights and biases
ssrf
vulnerability
http 302 redirects
webhooks
aws
remote code execution

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON

Withdrawn Advisory

This advisory has been withdrawn because the underlying issue existed in Weights and Biases’s backend server code, not the software development kit included in the wandb PyPI package, as originally reported. This link is maintained to preserve external references.

Original Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the ‘User settings -> Webhooks’ function to exploit this vulnerability to access internal HTTP(s) servers. In severe cases, such as on AWS instances, this could potentially be abused to achieve remote code execution on the victim’s machine. The vulnerability is present in the latest version of the repository.

CPENameOperatorVersion
wandble0.17.0

Related

cvelist 1
osv 1
cve 1
cvelist
cvelist
CVE-2024-4642 SSRF due to bad 302 redirect handling in wandb/wandb
2024-05-16 09:03:48
osv
osv
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
2024-05-16 09:33:09
cve
cve
CVE-2024-4642
2024-05-16 09:15:17

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON
Related for GHSA-CQH9-JFQR-H9JJ
cvelist1osv1cve1