Path Traversal Vulnerability in Aimhubio's Aim Product
CVE-2024-8769
9.1CRITICAL
Summary
A vulnerability in the LockManager.release_locks function within Aimhubio's Aim product permits unauthorized file deletion via relative path traversal. By manipulating the user-controllable run_hash parameter, which is concatenated into a file path without proper normalization, an attacker can exploit this flaw through the Repo._close_run() method accessible via the tracking server instruction API. This enables the potential deletion of arbitrary files on the server machine, posing serious security risks.
Affected Version(s)
aimhubio/aim <= unspecified
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved