CVE-2024-8238 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution. The vulnerability arises because str.format_map() can read arbitrary attributes of Python objects, enabling attackers to access sensitive variables such as os.environ. If an attacker can write files to a known location on the Aim server, they can use str.format_map() to load a malicious .dll/.so file into the Python interpreter, leading to unrestricted code execution.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aimstack	Aim	3.22.0

Related Weaknesses (CWE)

CWE-1336

References

https://huntr.com/bounties/4e140ef9-f6d1-4e68-a44c-3b9e856924d3ExploitThird Party Advisory

FAQ

What is CVE-2024-8238?

CVE-2024-8238 is a vulnerability with a CVSS score of 8.1 (HIGH). In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() m...

How severe is CVE-2024-8238?

CVE-2024-8238 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-8238?

Check the references section above for vendor advisories and patch information. Affected products include: Aimstack Aim.