Arbitrary File Deletion in aimhubio/aim
Description
In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Aim 3.22.0's LocalFileManager._cleanup accepts a user-supplied glob pattern without path validation, enabling arbitrary file deletion via crafted patterns.
Vulnerability
Overview
CVE-2024-6851 affects Aim version 3.22.0, an open-source ML experiment tracker. The LocalFileManager._cleanup function in the tracking server accepts a user-specified glob pattern to delete files but fails to verify that the matched files reside within the directory managed by LocalFileManager [2]. This allows a maliciously crafted glob pattern to escape the intended directory and delete arbitrary files on the server [3].
Exploitation
An attacker who can supply a glob pattern to the Aim server—either through an authenticated API call or an exposed endpoint—can exploit this flaw. No special privileges beyond the ability to invoke the cleanup function are required. By providing patterns such as ../../etc/passwd or /*, the attacker can delete files outside the managed directory, leading to system compromise [4].
Impact
Successful exploitation results in arbitrary file deletion on the host system. This can cause denial of service, data loss, or disruption of the Aim server and potentially other services running on the same machine. The vulnerability is particularly severe in multi-tenant or shared environments where the Aim server is accessible to untrusted users.
Mitigation
As of publication, no official patch has been confirmed for CVE-2024-6851. Users running Aim 3.22.0 should restrict network access to the Aim server, avoid exposing the cleanup endpoint to untrusted users, and monitor the project repository for updates [1]. Workarounds include disabling the cleanup functionality or implementing additional input validation at a reverse proxy.
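The missing containment check from the overview, and the input validation suggested as a workaround above, as an added Python example that is not Aim's own code: `plan_cleanup`, `safe_cleanup` and `build_fixture` are hypothetical names, and the directory layout is constructed for the demo. Each glob match is resolved with `realpath` and kept only if it stays below the managed directory, so `..` segments, absolute patterns and symlinks pointing outside are all rejected before anything is removed.

```python
import glob
import os
import tempfile
from typing import List, Tuple


def plan_cleanup(managed_dir: str, pattern: str) -> Tuple[List[str], List[str]]:
    """Expand `pattern` under `managed_dir` and split the matches into
    (accepted, rejected). Nothing is deleted here, so the decision can be
    logged or reviewed before any destructive step."""
    base = os.path.realpath(managed_dir)
    # os.path.join drops `managed_dir` when `pattern` is absolute, and glob
    # happily follows ".." segments: both are how a naive cleanup escapes.
    candidates = glob.glob(os.path.join(managed_dir, pattern))
    accepted, rejected = [], []
    for path in candidates:
        real = os.path.realpath(path)  # also resolves symlinks that point outside
        inside = real != base and os.path.commonpath([real, base]) == base
        (accepted if inside else rejected).append(path)
    return accepted, rejected


def safe_cleanup(managed_dir: str, pattern: str) -> Tuple[List[str], List[str]]:
    """Delete only contained regular files/links; return (deleted, rejected)."""
    accepted, rejected = plan_cleanup(managed_dir, pattern)
    deleted = []
    for path in accepted:
        if os.path.isfile(path) or os.path.islink(path):
            os.remove(path)
            deleted.append(path)
    return deleted, rejected


def build_fixture() -> Tuple[str, str]:
    """Constructed layout: <tmp>/managed/run1.tmp plus a sibling <tmp>/outside.txt
    that a cleanup scoped to `managed` must never touch."""
    root = tempfile.mkdtemp(prefix="cleanup-demo-")
    managed = os.path.join(root, "managed")
    os.mkdir(managed)
    open(os.path.join(managed, "run1.tmp"), "w").close()
    outside = os.path.join(root, "outside.txt")
    open(outside, "w").close()
    return managed, outside


if __name__ == "__main__":
    managed, outside = build_fixture()
    for pat in ("*.tmp", "../outside.txt", outside):  # last one is absolute
        print(pat, "->", plan_cleanup(managed, pat))
```

Logging the `rejected` list is also a cheap detection signal: a cleanup request that matches paths outside the managed directory is exactly the traffic this advisory describes.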
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| aim (PyPI) | <= 3.22.0 | — |
Affected products (3)
- aimhubio/aimhubio/aimv5 (range: unspecified)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (4)
News mentions (0)
No linked articles in our index yet.