CVE-2021-43775 - OpenCVE

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Aimstack	Aim

Configuration 1 [-]

cpe:2.3:a:aimstack:aim:*:*:*:*:*:python:*:*

References

Link	Resource
https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16	Product
https://github.com/aimhubio/aim/issues/999	Issue Tracking Third Party Advisory
https://github.com/aimhubio/aim/pull/1003	Patch Third Party Advisory
https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738	Patch
https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-11-23T19:15:13

Updated: 2021-11-23T19:15:12

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43775

JSON object: View

NVD Information

Status : Modified

Published: 2021-11-23T21:15:20.347

Modified: 2023-11-07T03:39:25.723

Link: CVE-2021-43775

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "aim", "vendor": "aimhubio", "versions": [{"status": "affected", "version": "< 3.1.0"}]}], "descriptions": [{"lang": "en", "value": "Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with \u201cdot-dot-slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-23T19:15:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/aimhubio/aim/issues/999"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/aimhubio/aim/pull/1003"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16"}], "source": {"advisory": "GHSA-8phj-f9w2-cjcc", "discovery": "UNKNOWN"}, "title": "Arbitrary file reading vulnerability in Aim", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43775", "STATE": "PUBLIC", "TITLE": "Arbitrary file reading vulnerability in Aim"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "aim", "version": {"version_data": [{"version_value": "< 3.1.0"}]}}]}, "vendor_name": "aimhubio"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with \u201cdot-dot-slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc", "refsource": "CONFIRM", "url": "https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc"}, {"name": "https://github.com/aimhubio/aim/issues/999", "refsource": "MISC", "url": "https://github.com/aimhubio/aim/issues/999"}, {"name": "https://github.com/aimhubio/aim/pull/1003", "refsource": "MISC", "url": "https://github.com/aimhubio/aim/pull/1003"}, {"name": "https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738", "refsource": "MISC", "url": "https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738"}, {"name": "https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16", "refsource": "MISC", "url": "https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16"}]}, "source": {"advisory": "GHSA-8phj-f9w2-cjcc", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43775", "datePublished": "2021-11-23T19:15:13", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2021-11-23T19:15:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:*:*:*:*:*:python:*:*", "matchCriteriaId": "AE237926-EEBB-4E1F-9F74-FB5845332FC8", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with \u201cdot-dot-slash (../)\u201d sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0."}, {"lang": "es", "value": "Aim es una herramienta de seguimiento de experimentos de aprendizaje autom\u00e1tico de c\u00f3digo abierto. Las versiones de Aim anteriores a la 3.1.0 son vulnerables a un ataque de salto de ruta. Mediante la manipulaci\u00f3n de variables que hacen referencia a archivos con secuencias \u201cdot-dot-slash (../)\u201d y sus variaciones o mediante el uso de rutas de archivo absolutas, puede ser posible acceder a archivos y directorios arbitrarios almacenados en el sistema de archivos, incluyendo el c\u00f3digo fuente de la aplicaci\u00f3n o la configuraci\u00f3n y los archivos cr\u00edticos del sistema. El problema de la vulnerabilidad ha sido resuelto en Aim versi\u00f3n v3.1.0"}], "id": "CVE-2021-43775", "lastModified": "2023-11-07T03:39:25.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-11-23T21:15:20.347", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/aimhubio/aim/issues/999"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/aimhubio/aim/pull/1003"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}