PT-2024-31985 · Wandb · Wandb

Published

2024-05-16

·

Updated

2024-05-16

·

CVE-2024-4642

CVSS v3.1

7.7

High

Vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions wandb (affected versions not specified)
Description A Server-Side Request Forgery (SSRF) issue exists because HTTP 302 redirects returned by a webhook target are followed without the redirect destination being subjected to the same checks as the originally configured URL. Any team member with access to the 'User settings -> Webhooks' function can therefore point a webhook at a host they control, answer with a 302 to an address inside the wandb deployment's network, and have the server fetch internal HTTP(S) services on their behalf. The CVSS vector reflects this: low-privileged, authenticated access (PR:L) reaching beyond the application's own security scope (S:C) with full confidentiality impact on whatever the server can reach. In severe cases, such as on AWS instances, the advisory notes this could potentially be escalated to remote code execution on the victim's machine.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, the usual SSRF controls limit exposure: restrict who may create or edit webhooks, re-validate every hop of a redirect chain against the same allow-list (or deny-list of loopback, RFC 1918 and link-local ranges) applied to the original URL, and restrict outbound egress from the wandb host so that it cannot reach internal services or the cloud instance-metadata address range in the first place.
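The following is an added illustration of the bug class described above and of the corresponding check; it is not wandb's code and does not reproduce the affected implementation. It simulates a webhook sender that validates only the configured URL and then follows a 302 blindly, beside a hardened sender that re-validates every hop. Network I/O is replaced by an in-memory DNS table and HTTP table with hypothetical hostnames (hooks.attacker.example, admin.internal), so it runs offline.

```python
"""Added example: SSRF via an unvalidated 302 redirect, and the fix.
Not wandb's code. Hosts, addresses and responses are constructed."""
import ipaddress
from typing import Callable, Dict, Tuple
from urllib.parse import urljoin, urlparse

# Ranges a server-side fetcher must never reach: RFC 1918, loopback,
# "this network", link-local (where cloud instance-metadata services live),
# and their IPv6 counterparts.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "0.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]
REDIRECT_CODES = (301, 302, 303, 307, 308)

Response = Tuple[int, Dict[str, str], str]   # (status, headers, body)
Fetch = Callable[[str], Response]            # url -> Response
Resolve = Callable[[str], str]               # hostname -> IP string


def url_is_safe(url: str, resolve: Resolve) -> bool:
    """True only for http(s) URLs whose host resolves to a public address."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False                          # rejects file://, gopher://, etc.
    try:
        ip = ipaddress.ip_address(resolve(parts.hostname))
    except (ValueError, OSError):             # NXDOMAIN or garbage address
        return False
    return not any(ip in net for net in BLOCKED_NETS)


def deliver_vulnerable(url: str, fetch: Fetch, resolve: Resolve,
                       max_hops: int = 5) -> Tuple[str, str]:
    """Bug pattern: validate the configured URL once, then follow every
    Location header without looking at where it points."""
    if not url_is_safe(url, resolve):
        return ("blocked", url)
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        if status in REDIRECT_CODES and "Location" in headers:
            url = urljoin(url, headers["Location"])   # trusted blindly
            continue
        return ("ok", body)
    return ("blocked", "too many redirects")


def deliver_hardened(url: str, fetch: Fetch, resolve: Resolve,
                     max_hops: int = 5) -> Tuple[str, str]:
    """Fix: run the same check on every hop of the redirect chain, and
    resolve relative Location values against the current URL first."""
    for _ in range(max_hops):
        if not url_is_safe(url, resolve):
            return ("blocked", url)
        status, headers, body = fetch(url)
        if status in REDIRECT_CODES and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return ("ok", body)
    return ("blocked", "too many redirects")


# --- constructed stand-in for DNS and HTTP (hypothetical hosts) ---
FAKE_DNS = {
    "hooks.attacker.example": "203.0.113.10",   # public: passes the check
    "admin.internal": "10.0.0.5",               # RFC 1918: must be blocked
}
FAKE_HTTP: Dict[str, Response] = {
    # The attacker's webhook endpoint answers with a 302 into the intranet.
    "https://hooks.attacker.example/cb":
        (302, {"Location": "http://admin.internal/secrets"}, ""),
    "http://admin.internal/secrets": (200, {}, "INTERNAL-ONLY DATA"),
}


def fake_resolve(host: str) -> str:
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")             # mirrors socket.gaierror
    return FAKE_DNS[host]


def fake_fetch(url: str) -> Response:
    return FAKE_HTTP.get(url, (404, {}, ""))


def demo() -> Tuple[Tuple[str, str], Tuple[str, str]]:
    """Same attacker-controlled webhook URL through both senders."""
    webhook = "https://hooks.attacker.example/cb"
    return (deliver_vulnerable(webhook, fake_fetch, fake_resolve),
            deliver_hardened(webhook, fake_fetch, fake_resolve))


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable sender:", vulnerable)   # reaches the internal host
    print("hardened sender:  ", hardened)     # stops at the redirect target
```

In a real sender the hardened check has one more requirement the simulation skips: the address returned by the resolver must be the one actually connected to (pin it for the socket, or validate in a connect hook), otherwise a host that resolves to a public address at check time and a private one at connect time still gets through. Disabling automatic redirect following in the HTTP client and looping by hand, as above, is what makes per-hop validation possible at all.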

SSRF


Weakness Enumeration

Related Identifiers

CVE-2024-4642
GHSA-CQH9-JFQR-H9JJ

Affected Products

Wandb