Security Advisory

CVE-2024-7340

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-31 15:00:04

Last updated 2024-11-25 12:44:07

Assigner JFROG

State PUBLISHED

Description

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.

← Browse all CVEs View on cve.org ↗