10 matches found
CVE-2024-7340
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
Improper Input Validation
The Weave server API is vulnerable to Improper Input Validation. The vulnerability is caused by missing validation of allowed file paths when fetching files from a remote directory. This makes it possible to traverse and leak arbitrary files remotely and can lead to a low-privileged user assuming t...
Weave server API vulnerable to arbitrary file leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
GHSA-R49H-6QXQ-624F Weave server API vulnerable to arbitrary file leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
CVE-2024-7340
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
CVE-2024-7340
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
CVE-2024-7340
CVE-2024-7340 – W&B Weave server remote arbitrary file leak. The Weave server API is vulnerable to directory traversal, allowing remote attackers to read arbitrary files from the server and, in some scenarios, escalate from low privilege to admin. Affected component: Weave server API (Weave ML t...
CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
PT-2024-38274 · Unknown · Weave Server
Name of the Vulnerable Software and Affected Versions: Weave server, affected versions not specified. Description: The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. ...