CVE-2024-6396 - Vulnerability Details - OpenCVE

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aimstack	Aim

Configuration 1 [-]

cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:python:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0

History

Wed, 23 Jul 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Aimstack Aimstack aim
CPEs		cpe:2.3:a:aimstack:aim:3.19.3:::::python::
Vendors & Products		Aimstack Aimstack aim

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-07-12T00:00:14.599Z

Updated: 2024-08-01T21:41:03.285Z

Reserved: 2024-06-27T18:22:40.719Z

Link: CVE-2024-6396

Vulnrichment

Updated: 2024-08-01T21:41:03.285Z

NVD

Status : Analyzed

Published: 2024-07-12T00:15:01.647

Modified: 2025-07-23T20:56:39.907

Link: CVE-2024-6396

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6396", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-27T18:22:40.719Z", "datePublished": "2024-07-12T00:00:14.599Z", "dateUpdated": "2024-08-01T21:41:03.285Z"}, "containers": {"cna": {"title": "Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-07-12T07:39:59.032Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. "}], "affected": [{"vendor": "aimhubio", "product": "aimhubio/aim", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-29 Path Traversal: '\\..\\filename'", "cweId": "CWE-29"}]}], "source": {"advisory": "c1b17afd-4656-47bb-8310-686a9e1b04a0", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "aimhubio", "product": "aim", "cpes": ["cpe:2.3:a:aimhubio:aim:3.19.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.19.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T17:18:53.503272Z", "id": "CVE-2024-6396", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T17:19:40.333Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.285Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.285Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6396", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-12T17:18:53.503272Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:aimhubio:aim:3.19.3:*:*:*:*:*:*:*"], "vendor": "aimhubio", "product": "aim", "versions": [{"status": "affected", "version": "3.19.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T17:19:35.964Z"}}], "cna": {"title": "Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim", "source": {"advisory": "c1b17afd-4656-47bb-8310-686a9e1b04a0", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "aimhubio", "product": "aimhubio/aim", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. "}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-29", "description": "CWE-29 Path Traversal: '\\..\\filename'"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-07-12T07:39:59.032Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6396", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:03.285Z", "dateReserved": "2024-06-27T18:22:40.719Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-07-12T00:00:14.599Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:python:*:*", "matchCriteriaId": "13C0096F-50A0-4631-9D32-A6C7BD84B72D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. "}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n `_backup_run` en aimhubio/aim versi\u00f3n 3.19.3 permite a atacantes remotos sobrescribir cualquier archivo en el servidor host y filtrar datos arbitrarios. La vulnerabilidad surge debido al manejo inadecuado de los par\u00e1metros `run_hash` y `repo.path`, que pueden manipularse para crear y escribir en rutas de archivos arbitrarias. Esto puede provocar una denegaci\u00f3n de servicio al sobrescribir archivos cr\u00edticos del sistema, p\u00e9rdida de datos privados y posible ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2024-6396", "lastModified": "2025-07-23T20:56:39.907", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-07-12T00:15:01.647", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-29"}], "source": "security@huntr.dev", "type": "Secondary"}]}