{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T09:50:43.906","vulnerabilities":[{"cve":{"id":"CVE-2024-8769","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:44.220","lastModified":"2025-10-15T13:15:55.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._close_run()` method, which is accessible via the tracking server instruction API. As a result, an attacker can exploit this to delete any arbitrary file on the machine running the tracking server."},{"lang":"es","value":"Una vulnerabilidad en la función `LockManager.release_locks` de aimhubio/aim (commit bb76afe) permite la eliminación arbitraria de archivos mediante un path traversal relativo. El parámetro `run_hash`, controlable por el usuario, se concatena sin normalización como parte de una ruta utilizada para especificar la eliminación de archivos. Esta vulnerabilidad se expone mediante el método `Repo._close_run()`, accesible mediante la API de instrucciones del servidor de seguimiento. Por lo tanto, un atacante puede explotarla para eliminar cualquier archivo arbitrario en la máquina que ejecuta el servidor de seguimiento."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aimstack:aim:*:*:*:*:*:*:*:*","versionEndExcluding":"3.24.0","matchCriteriaId":"246E76E0-EE63-475C-BB5B-B08F82996A34"}]}]}],"references":[{"url":"https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7","source":"security@huntr.dev","tags":["Exploit"]},{"url":"https://huntr.com/bounties/59d3472f-f581-4beb-a090-afd36a00ecf7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}