Path Traversal Vulnerability in AimHub.io's Run Management Feature
CVE-2024-6483
5.3MEDIUM
Summary
A security flaw in AimHub's runs/delete-batch endpoint in version 3.19.3 allows malicious users to exploit path traversal techniques. This vulnerability arises from inadequate input validation of user-specified run-names, which could lead to the unauthorized deletion of files and directories. Consequently, this could result in significant data loss or denial of service, posing serious risks to system integrity.
Affected Version(s)
aimhubio/aim <= unspecified
References
CVSS V3.0
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved