aimhubio Aim Cross-Site Request Forgery Vulnerability in Tracking Server

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in aimhubio/aim version 3.22.0, specifically within the tracking server. It arises from overly permissive Cross-Origin Resource Sharing (CORS) settings that accept cross-origin requests from any origin. As a result, every endpoint on the tracking server is susceptible to CSRF: a page on an attacker-controlled origin loaded in a victim's browser can issue requests to the tracking server on the victim's behalf. This vulnerability can be chained with other existing vulnerabilities, such as remote code execution, denial of service, and arbitrary file read/write.

Impact

Exploitation of this vulnerability allows for CSRF attacks on all tracking server endpoints. This can be combined with other unpatched vulnerabilities, particularly remote code execution, denial of service, and arbitrary file read/write.
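The root cause above is a CORS policy that answers any origin. As an added illustration (not aimhubio/aim's own code, and not its actual CORS configuration), the following Python shows the defensive shape such a server should have: CORS headers are emitted only for an explicit allowlist of origins, a helper flags the permissive "any origin" configuration described in the advisory, and state-changing requests are additionally checked against the Origin/Referer header, since CORS alone does not stop simple (non-preflighted) cross-origin POSTs. The allowlist entries, the config dictionary keys and the function names are assumptions for the example.

```python
"""Added example (not aimhubio/aim's code): strict CORS allowlisting and a
server-side origin check of the kind that mitigates the cross-origin
exposure described in the advisory. The allowlist, config keys and
function names are hypothetical."""
from urllib.parse import urlsplit

# Hypothetical allowlist: only the UI origins that legitimately call the
# tracking server. Any other origin receives no CORS headers at all.
ALLOWED_ORIGINS = frozenset({
    "http://localhost:43800",
    "https://aim.example.internal",
})

# HTTP methods treated as state-changing and therefore CSRF-relevant.
STATE_CHANGING = frozenset({"POST", "PUT", "PATCH", "DELETE"})


def normalize_origin(value):
    """Reduce an Origin or Referer header to lowercase scheme://host[:port].

    Returns None for missing, malformed or opaque values (e.g. "null", which
    browsers send for sandboxed or redirected contexts).
    """
    if not value:
        return None
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Compute CORS response headers for one request.

    Unknown origins get an empty dict: the browser then refuses to expose
    the response, and preflighted requests never reach the handler. The
    policy never emits '*' and never reflects an arbitrary Origin value.
    """
    norm = normalize_origin(origin)
    if norm is None or norm not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": norm,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type, Authorization",
        "Vary": "Origin",  # per-origin responses must not be cached across origins
    }


def is_permissive_cors(config):
    """Flag a CORS configuration of the shape the advisory describes.

    `config` is a hypothetical dict mirroring common middleware options
    (allow_origins, allow_origin_regex). A wildcard origin, or a regex that
    matches everything, means every site on the web may call the server.
    """
    if "*" in config.get("allow_origins", []):
        return True
    if config.get("allow_origin_regex") in (".*", "^.*$"):
        return True
    return False


def csrf_check(method, headers, allowed=ALLOWED_ORIGINS):
    """Server-side origin check for state-changing requests.

    Form-style POSTs are "simple" requests that skip the CORS preflight, so
    the handler itself must verify where the request came from. Returns
    True if the request may proceed.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    source = headers.get("Origin") or headers.get("Referer")
    norm = normalize_origin(source)
    return norm is not None and norm in allowed


if __name__ == "__main__":
    # Constructed sample inputs: a known UI origin and an unknown origin.
    print(cors_headers("https://aim.example.internal"))
    print(cors_headers("https://unknown-site.example"))
    print(is_permissive_cors({"allow_origins": ["*"]}))
    print(csrf_check("POST", {"Referer": "https://aim.example.internal/runs/1"}))
```

Deploying a policy like this also requires that the legitimate UI origins be known in advance; a server that cannot enumerate them should fall back to requiring a token or a custom header on state-changing endpoints rather than widening the allowlist.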

Reproduction

To reproduce this vulnerability, first initialize and start the tracking server. Then, host a payload on a malicious website that sends a cross-origin request to the tracking server's resource endpoint, followed by a request to the instruction endpoint. Ensure that the second request is sent after the first one is completed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.