{"uuid": "d2ed5d39-3e9f-4702-9ca4-3bc37093144b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7340", "type": "published-proof-of-concept", "source": "https://t.me/BhinnekaSec/2642", "content": "Exploit for W&B Weave Server - Remote Arbitrary File Leak (CVE-2024-7340)\ud83e\udd77\n\nDescription\ud83d\udd08\nThe Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.\n\nNuclei Template\ud83c\udf0e\nView the template here CVE-2024-7340.yaml\n\nValidate with Nuclei\necho \"$URL\" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-7340.yaml\n\nReferences:\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7340\nhttps://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/\nhttps://github.com/wandb/weave/pull/1657\nhttps://github.com/advisories/GHSA-r49h-6qxq-624f", "creation_timestamp": "2024-10-15T01:39:58.000000Z"}