Description

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files. This can lead to arbitrary data being written to arbitrary locations on the remote tracking server, which could be used for further attacks such as writing a new SSH key to the target server.

INFO

Published Date :

2025-03-20T10:10:50.251Z

Last Modified :

2025-03-20T18:15:48.518Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6829 vulnerability.

Vendors Products
Aimstack
  • Aim
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6829.

URL Resource
https://huntr.com/bounties/7c97065c-1b63-4982-82c1-8038be0ed570 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact