Path Traversal Vulnerability in AimHub.io's Run Management Feature
CVE-2024-6483

5.3MEDIUM

Key Information:

Vendor

Aimhubio

Status
Aimhubio/aim
Vendor
CVE Published:
20 March 2025

What is CVE-2024-6483?

A security flaw in AimHub's runs/delete-batch endpoint in version 3.19.3 allows malicious users to exploit path traversal techniques. This vulnerability arises from inadequate input validation of user-specified run-names, which could lead to the unauthorized deletion of files and directories. Consequently, this could result in significant data loss or denial of service, posing serious risks to system integrity.

Affected Version(s)

aimhubio/aim <= unspecified

References

https://huntr.com/bounties/dc45d480-e579-4af4-8603-c52ecf...

CVSS V3.0

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-6483 : Path Traversal Vulnerability in AimHub.io's Run Management Feature