aimhubio Aim Path Traversal Vulnerability in Delete-Batch Endpoint Allowing Arbitrary File or Directory Deletion
Vulnerability
A path traversal vulnerability has been identified in the 'runs/delete-batch' endpoint of aimhubio/aim version 3.19.3. This vulnerability allows for arbitrary file or directory deletion by exploiting the endpoint's failure to properly sanitize user-specified run names. The run names, which are intended to identify log and metadata files for deletion, can be manipulated to traverse the file system and delete unintended files or directories. This could lead to data loss or a denial-of-service condition.
Impact
Exploitation of this vulnerability could result in unauthorized deletion of files or directories, causing potential data loss or a denial-of-service condition.
Reproduction
To reproduce this vulnerability, host the aim UI server and initialize a repository. Create a target file in the current working directory. Then, send a request to the 'runs/delete-batch' endpoint with a payload that includes a path traversal sequence, targeting the file created in the first step.
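The root cause above is a run name that reaches a filesystem path without a containment check. The following is an added illustration, not aim's own code, of the check a delete-batch handler needs: every name is resolved against the repository root before anything is removed, and one bad name aborts the whole batch. The directory layout (a runs directory with one subdirectory per run) and all function names are assumptions.

```python
# Added illustration, not aim's own code; the repo layout and names below are assumed.
import shutil
import tempfile
from pathlib import Path

class UnsafeRunName(ValueError):
    """Raised when a run name would resolve outside the runs directory."""

def resolve_run_dir(repo_root: str, run_name: str) -> Path:
    """Map a user-supplied run name to a directory strictly inside repo_root.
    os.path.join alone lets '../' climb out; separators are refused and the
    fully resolved path (symlinks, '..') must be a direct child of the root."""
    root = Path(repo_root).resolve()
    if not run_name or run_name in (".", "..") or "/" in run_name or "\\" in run_name:
        raise UnsafeRunName(run_name)
    candidate = (root / run_name).resolve()
    if candidate.parent != root:
        raise UnsafeRunName(run_name)
    return candidate

def is_safe_run_name(repo_root: str, run_name: str) -> bool:
    try:
        resolve_run_dir(repo_root, run_name)
        return True
    except UnsafeRunName:
        return False

def delete_batch(repo_root: str, run_names: list[str]) -> list[str]:
    """Validate every name before deleting anything; one bad name aborts the batch."""
    targets = [resolve_run_dir(repo_root, name) for name in run_names]
    deleted = []
    for target in targets:
        if target.is_dir():
            shutil.rmtree(target)
            deleted.append(target.name)
    return deleted

def demo() -> dict:
    """Constructed layout: <tmp>/runs/run_a plus a file outside the runs dir."""
    base = Path(tempfile.mkdtemp())
    runs = base / "runs"
    (runs / "run_a").mkdir(parents=True)
    outside = base / "target.txt"
    outside.touch()
    rejected = not is_safe_run_name(str(runs), "../target.txt")
    deleted = delete_batch(str(runs), ["run_a"])
    intact = outside.exists()
    shutil.rmtree(base)
    return {"traversal_rejected": rejected, "deleted": deleted, "outside_intact": intact}
```

The resolved-path comparison is what also catches a run directory that is a symlink pointing outside the repository, which a plain string check for `..` would miss.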
