{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8769", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-09-12T21:42:09.583Z", "datePublished": "2025-03-20T10:11:22.123Z", "dateUpdated": "2025-03-20T13:05:22.240Z"}, "containers": {"cna": {"title": "Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:11:22.123Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._close_run()` method, which is accessible via the tracking server instruction API. As a result, an attacker can exploit this to delete any arbitrary file on the machine running the tracking server."}], "affected": [{"vendor": "aimhubio", "product": "aimhubio/aim", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-29 Path Traversal: '\\..\\filename'", "cweId": "CWE-29"}]}], "source": {"advisory": "59d3472f-f581-4beb-a090-afd36a00ecf7", "discovery": "EXTERNAL"}}, "adp": [{"references": [{"url": "https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T13:05:15.740464Z", "id": "CVE-2024-8769", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T13:05:22.240Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8769", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-20T13:05:15.740464Z"}}}], "references": [{"url": "https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T13:05:09.752Z"}}], "cna": {"title": "Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim", "source": {"advisory": "59d3472f-f581-4beb-a090-afd36a00ecf7", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "aimhubio", "product": "aimhubio/aim", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._close_run()` method, which is accessible via the tracking server instruction API. As a result, an attacker can exploit this to delete any arbitrary file on the machine running the tracking server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-29", "description": "CWE-29 Path Traversal: '\\..\\filename'"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:11:22.123Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8769", "state": "PUBLISHED", "dateUpdated": "2025-03-20T13:05:22.240Z", "dateReserved": "2024-09-12T21:42:09.583Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:11:22.123Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:*:*:*:*:*:*:*:*", "matchCriteriaId": "246E76E0-EE63-475C-BB5B-B08F82996A34", "versionEndExcluding": "3.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._close_run()` method, which is accessible via the tracking server instruction API. As a result, an attacker can exploit this to delete any arbitrary file on the machine running the tracking server."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n `LockManager.release_locks` de aimhubio/aim (commit bb76afe) permite la eliminaci\u00f3n arbitraria de archivos mediante un path traversal relativo. El par\u00e1metro `run_hash`, controlable por el usuario, se concatena sin normalizaci\u00f3n como parte de una ruta utilizada para especificar la eliminaci\u00f3n de archivos. Esta vulnerabilidad se expone mediante el m\u00e9todo `Repo._close_run()`, accesible mediante la API de instrucciones del servidor de seguimiento. Por lo tanto, un atacante puede explotarla para eliminar cualquier archivo arbitrario en la m\u00e1quina que ejecuta el servidor de seguimiento."}], "id": "CVE-2024-8769", "lastModified": "2025-04-01T20:30:56.033", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-20T10:15:44.220", "references": [{"source": "security@huntr.dev", "tags": ["Exploit"], "url": "https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-29"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}