CVE-2024-6829 — CRITICAL (9.1)

Vulnerability Description

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files. This can lead to arbitrary data being written to arbitrary locations on the remote tracking server, which could be used for further attacks such as writing a new SSH key to the target server.

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aimstack	Aim	3.19.3

Related Weaknesses (CWE)

CWE-73

References

https://huntr.com/bounties/7c97065c-1b63-4982-82c1-8038be0ed570ExploitThird Party Advisory

FAQ

What is CVE-2024-6829?

CVE-2024-6829 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the ...

How severe is CVE-2024-6829?

CVE-2024-6829 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-6829?

Check the references section above for vendor advisories and patch information. Affected products include: Aimstack Aim.