Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged

Filter by:

With package: kdePackages.threadweaver

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2024-7340

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

W&B Weave server remote arbitrary file leak and privilege escalation

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.

References

https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-… third-party-advisory
https://github.com/wandb/weave/pull/1657 patch
https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-… third-party-advisory
https://github.com/wandb/weave/pull/1657 patch

Affected products

weave

=<0.50.7

Matching in nixpkgs

pkgs.weaver

OpenTelemetry tool for dealing with semantic conventions and application telemetry schemas

nixos-unstable -
- nixpkgs-unstable 0.17.1

pkgs.weave-gitops

Weave Gitops CLI

nixos-unstable -
- nixpkgs-unstable 0.38.0

pkgs.kdePackages.threadweaver

ThreadWeaver

nixos-unstable -
- nixpkgs-unstable 6.18.0

pkgs.python312Packages.pweave

Scientific reports with embedded python computations with reST, LaTeX or markdown

nixos-unstable -
- nixpkgs-unstable 0.30.3

pkgs.python313Packages.pweave

Scientific reports with embedded python computations with reST, LaTeX or markdown

nixos-unstable -
- nixpkgs-unstable 0.30.3

pkgs.typstPackages.weave_0_1_0

A helper library for chaining lambda abstractions

nixos-unstable -
- nixpkgs-unstable 0.1.0

pkgs.typstPackages.weave_0_2_0

A helper library for chaining lambda abstractions

nixos-unstable -
- nixpkgs-unstable 0.2.0

pkgs.haskellPackages.weave-core

Core definitions for weave

nixos-unstable -
- nixpkgs-unstable 0.1.0.0

pkgs.haskellPackages.amazonka-simspaceweaver

Amazon SimSpace Weaver SDK

nixos-unstable -
- nixpkgs-unstable 2.0

pkgs.python312Packages.mypy-boto3-simspaceweaver

Type annotations for boto3 simspaceweaver

nixos-unstable -
- nixpkgs-unstable boto3-simspaceweaver-1.40.16

pkgs.python313Packages.mypy-boto3-simspaceweaver

Type annotations for boto3 simspaceweaver

nixos-unstable -
- nixpkgs-unstable boto3-simspaceweaver-1.40.16

pkgs.python312Packages.types-aiobotocore-simspaceweaver

Type annotations for aiobotocore simspaceweaver

nixos-unstable -
- nixpkgs-unstable 2.23.2

pkgs.python313Packages.types-aiobotocore-simspaceweaver

Type annotations for aiobotocore simspaceweaver

nixos-unstable -
- nixpkgs-unstable 2.23.2

Package maintainers

@mjm Matt Moriarity <matt@mattmoriarity.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@K900 Ilya K. <me@0upti.me>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@NickCao Nick Cao <nickcao@nichi.co>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@cherrypiejam Gongqi Huang
@aaronjheng Aaron Jheng <wentworth@outlook.com>

1