The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.
View the template here CVE-2024-7340.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-7340