AIMHUBIO Aim Hacked: Path Traversal Vulnerability Affects User Data
CVE-2024-6396
9.8 CRITICAL
What is CVE-2024-6396?
A vulnerability exists in the _backup_run function of Aimhubio's Aim version 3.19.3, allowing remote attackers to exploit improper handling of the run_hash and repo.path parameters. By manipulating these parameters, attackers can overwrite any file on the host server, leading to unauthorized file modifications and potential data exfiltration. This vulnerability poses significant risks, including denial of service by overwriting critical system files and the possibility of remote code execution.
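A defensive check for this class of flaw, as an added example (not Aim's code or its fix): a client-supplied run hash and repository path are validated and confined to a server-configured root before any backup file is written. The names `resolve_backup_target`, `trusted_root`, the `backups` directory, the `.tar.gz` file name and the hex format assumed for the run hash are all hypothetical.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: run identifiers are short lowercase hex tokens; adapt to the real format.
RUN_HASH_RE = re.compile(r"[0-9a-f]{8,64}")

class UnsafePathError(ValueError):
    """Raised when a client-supplied value would place the write outside the root."""

def resolve_backup_target(trusted_root, repo_path, run_hash):
    """Return the backup file path, or raise if either input escapes trusted_root."""
    root = Path(trusted_root).resolve()
    # An allowlist grammar rejects separators, '..' and absolute paths in one step.
    if not isinstance(run_hash, str) or not RUN_HASH_RE.fullmatch(run_hash):
        raise UnsafePathError(f"invalid run_hash: {run_hash!r}")
    # resolve() collapses '..' and follows symlinks before the containment check.
    repo = Path(repo_path).resolve()
    if repo != root and root not in repo.parents:
        raise UnsafePathError(f"repo path outside trusted root: {repo_path!r}")
    # Re-check the final path in case 'backups' is a symlink pointing elsewhere.
    target = (repo / "backups" / f"{run_hash}.tar.gz").resolve()
    if repo not in target.parents:
        raise UnsafePathError("backup target escapes the repository directory")
    return target

def check(trusted_root, repo_path, run_hash):
    """Return 'ok' or 'rejected' without raising, for logging or tests."""
    try:
        resolve_backup_target(trusted_root, repo_path, run_hash)
        return "ok"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        repo = os.path.join(root, "repo1")
        os.makedirs(repo)
        # Constructed inputs: one well-formed request and three that must be refused.
        for repo_path, run_hash in [
            (repo, "a1b2c3d4e5f6"),
            (repo, "../../outside.txt"),
            ("/etc", "a1b2c3d4e5f6"),
            (os.path.join(repo, "..", ".."), "a1b2c3d4e5f6"),
        ]:
            print(f"{check(root, repo_path, run_hash):8} repo={repo_path!r} hash={run_hash!r}")
```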
Affected Version(s)
aimhubio/aim <= unspecified