4 matches found
CVE-2024-10649
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The...
CVE-2024-10649
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The...
CVE-2024-10649
creationtimestamp| type| source ---|---|--- 2025-02-10 18:54:08+00:00| seen| https://infosec.exchange/users/cve/statuses/113981105493870458 2025-02-10 18:58:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113981122716007211 2025-02-10 19:15:51+00:00| seen|...
CVE-2024-10649
CVE-2024-10649 affects wandb/openui (commit c945bb859979659add5f490a874140ad17c56a5d). The vulnerability arises from unauthenticated endpoints that allow uploading and downloading files to an AWS S3 bucket via the /v1/share/{id:str} endpoints, enabling potential denial of service, stored XSS, and...