Wlc
The wlc Weblate command-line client prior to version 1.17.2 is vulnerable to arbitrary file writes through path traversal when downloading multi-translations from a malicious or compromised server. An authenticated attacker can exploit this vulnerability by crafting a server response that causes files to be written to arbitrary locations on the victim's system, potentially compromising system integrity. The vulnerability affects wlc versions before 1.17.2 and is fixed in version 1.17.2.
Versions of wlc prior to 1.17.0 fail to restrict unscoped API keys, allowing them to be transmitted to unintended Weblate servers and potentially leaked to attackers with local access or through compromised credentials. A local attacker with user privileges could exploit this information disclosure to gain unauthorized access to Weblate instances across multiple servers. A patch is available in version 1.17.0 and later.