Description

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows arbitrary file deletion through relative path traversal. The user-controllable `run_hash` parameter is concatenated, without normalization, into the path of the file to be deleted. The vulnerable function is reachable through the `Repo._close_run()` method, which is exposed via the tracking server instruction API. As a result, an attacker can delete arbitrary files on the machine running the tracking server.
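
An added illustration of the flaw class described above, next to a hardened form (this is not code from the aim repository or its fix). The function names, the locks-directory layout and the hex format assumed for run hashes are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

# Assumption: run hashes are short lowercase hex strings; adjust to the real format.
RUN_HASH_RE = re.compile(r"^[0-9a-f]{8,64}$")

def lock_path_unsafe(locks_dir: Path, run_hash: str) -> Path:
    """Pattern described in the advisory: the identifier is joined as-is."""
    return locks_dir / run_hash

def lock_path_safe(locks_dir: Path, run_hash: str) -> Path:
    """Allow-list the identifier, then confirm the result stays in locks_dir."""
    if not RUN_HASH_RE.fullmatch(run_hash):
        raise ValueError(f"invalid run hash: {run_hash!r}")
    base = locks_dir.resolve()
    candidate = (base / run_hash).resolve()  # also follows symlinks
    if candidate.parent != base:
        raise ValueError("lock path escapes the locks directory")
    return candidate

def release_lock(locks_dir: Path, run_hash: str) -> bool:
    """Delete the lock for run_hash; return True if a lock file was removed."""
    path = lock_path_safe(locks_dir, run_hash)
    if path.is_file():
        path.unlink()
        return True
    return False

def demo() -> dict:
    """Constructed scenario: one lock file and an unrelated file outside locks/."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        locks = root / "locks"
        locks.mkdir()
        (locks / "0123456789abcdef").write_text("lock")
        outside = root / "config.yaml"
        outside.write_text("keep me")
        hostile = "../config.yaml"  # constructed traversal-style identifier
        unsafe_target = lock_path_unsafe(locks, hostile).resolve()
        try:
            release_lock(locks, hostile)
            rejected = False
        except ValueError:
            rejected = True
        return {"unsafe_points_outside": unsafe_target == outside.resolve(),
                "rejected": rejected, "outside_survives": outside.exists(),
                "legit_released": release_lock(locks, "0123456789abcdef")}
```

The allow-list check alone stops the traversal; the resolved-parent comparison is a second layer that also catches symlinks planted inside the locks directory.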

INFO

Published Date: 2025-03-20T10:11:22.123Z

Last Modified: 2025-10-15T12:50:42.461Z

Source: @huntr_ai

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-8769 vulnerability.

Vendor: Aimstack
Product: Aim

CVSS Vulnerability Scoring System

[Chart: CVSS metric values for Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact]