cbcvebase.
CVE-2024-2196
published 2024-04-10

CVE-2024-2196: aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data…

PriorityP343high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
0.53%
40.8th percentile
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation.

Affected

3 ranges
VendorProductVersion rangeFixed in
aimhubioaimhubio_aimunspecified – latest
aimstackaim
aimstackaim0 – 3.17.5
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.