CVE-2024-6829

Critical CVSS: 9.1

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files. This can lead to arbitrary data being written to arbitrary locations on the remote tracking server, which could be used for further attacks such as writing a new SSH key to the target server.

Vendor

Aimstack

Product

Aim

CWE

CWE-73

Yayın Tarihi

2025-03-20 10:15:33

Güncelleme

2025-07-23 20:57:12

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-73 Aim CRITICAL Aimstack 2025

Referanslar

https://huntr.com/bounties/7c97065c-1b63-4982-82c1-8038be0ed570

Benzer Kayıtlar

High

CVE-2025-51464

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims bro…

High

CVE-2025-51463

Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's fi…

Medium

CVE-2025-5321

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function R…

High

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides…

High

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` object…

Critical

CVE-2024-8769

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file d…