CRITICAL🇵🇱 Wersja polska

CVE-2024-6396

CVSS 9.8v3.0pub. 2024-07-12upd. 2025-07-23

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of the `run_hash` and `repo.path` parameters in the `_backup_run` function. An attacker can manipulate these parameters to point to arbitrary file paths on the server (path traversal, CWE-29). This allows creating and writing content to arbitrary locations in the file system without authorization, as well as reading and exfiltrating stored data.

Impact

An attacker can overwrite critical system files leading to denial of service (DoS), steal sensitive data stored on the server, or achieve remote code execution (RCE) by replacing executable or configuration files.

Mitigation & patch

Apply patches available from the vendor according to the references. As an interim remedial action, it is recommended to restrict network access to Aim instances only to trusted IP addresses and monitor the integrity of critical system files.

Who is affected

Aimstack Aim version 3.19.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Aimstack Aim

    APP
    Aimstack
    3.19.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2024-8769CRITICAL9.1PL ✓ten sam produkt

Aimstack Aim: path traversal umożliwiający usunięcie dowolnego pliku

CVE-2024-6829CRITICAL9.1PL ✓ten sam produkt

Path traversal w Aimstack Aim – zapis plików w dowolnej lokalizacji serwera

CVE-2024-7760CRITICAL9.6PL ✓ten sam produkt

CSRF w Aimstack Aim — łańcuch podatności z RCE i DoS

CVE-2024-2195CRITICAL9.8PL ✓ten sam produkt

RCE w Aimstack Aim – wykonanie kodu przez parametr query w API

CVE-2025-51463HIGH7.0ten sam produkt

Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the s...