PT-2024-19128 · Aim · Aim

Published 2024-04-10 · Updated 2025-07-29 · CVE-2024-2196

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: aimhubio/aim (affected versions not specified)
Description: The Aim dashboard server neither verifies the origin of state-changing requests (no CSRF protection) nor restricts which web origins may read its responses (permissive CORS). An attacker who lures a user with an active Aim session onto an attacker-controlled web page can have that page's script send requests to the Aim server in the victim's browser, which attaches the victim's ambient credentials. Because no origin check is applied, the requests are honoured: the attacker can delete runs and update data, and because the CORS policy exposes responses to any origin, the attacker's script can also read data such as log records and notes. Successful exploitation requires user interaction (UI:R in the vector) but no prior privileges, and results in data loss, unauthorized data manipulation and data theft.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, the usual mitigations for this class of flaw apply as general hardening (they are not a vendor-issued fix): do not expose the dashboard beyond localhost or a trusted network, place it behind a reverse proxy that enforces authentication and rejects state-changing requests whose Origin (or, failing that, Referer) header is not the dashboard's own origin, and do not reflect arbitrary origins in Access-Control-Allow-Origin, especially together with Access-Control-Allow-Credentials: true.
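The attack path described above and the server-side checks that close it, as an added example written for this page: it is not Aim's code and does not reproduce Aim's real API. It models a tiny in-memory stand-in for the tracking server with a hypothetical /api/runs/<id> endpoint, first in a mode that mirrors the advisory (no origin check on DELETE, any Origin reflected in the CORS headers together with credentials) and then hardened. The dashboard origin, the session cookie name, the endpoint path and the X-Requested-With value are assumptions made for the example.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumed deployment values for the example; not taken from the advisory.
DASHBOARD_ORIGIN = "http://aim.internal:53800"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)   # header names lower-cased
    cookies: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str = ""
    headers: dict = field(default_factory=dict)


def origin_of(url: str) -> str:
    """scheme://host[:port] of a URL, the part a browser compares for same-origin."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


class DashboardServer:
    """Stand-in for the tracking server: a run store whose entries hold log records."""

    def __init__(self, hardened: bool, allowed_origins=(DASHBOARD_ORIGIN,)):
        self.hardened = hardened
        self.allowed = {o.lower() for o in allowed_origins}
        self.runs = {"run-1": "loss=0.42 step=100"}   # constructed sample data

    def cors_headers(self, request: Request) -> dict:
        origin = request.headers.get("origin")
        if not self.hardened:
            # Vulnerable: reflect whatever Origin arrives and still allow credentials,
            # so a script on attacker.example can read the body of a cookie-bearing
            # response (the data-theft part of the advisory).
            return {"Access-Control-Allow-Origin": origin or "*",
                    "Access-Control-Allow-Credentials": "true"}
        if origin is None or origin.lower() not in self.allowed:
            return {}   # no Access-Control-Allow-Origin: the browser withholds the body
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}

    def csrf_ok(self, request: Request) -> bool:
        if not self.hardened or request.method in SAFE_METHODS:
            return True   # vulnerable mode: every request carrying the cookie is honoured
        # Browsers attach Origin to cross-site POST/PUT/DELETE; Referer is the fallback.
        source = request.headers.get("origin") or request.headers.get("referer")
        if source is None or origin_of(source) not in self.allowed:
            return False
        # Defence in depth: a plain HTML form cannot add a custom header, and a fetch()
        # that sets one triggers a CORS preflight this server will not approve.
        return request.headers.get("x-requested-with") == "aim-dashboard"

    def handle(self, request: Request) -> Response:
        if request.cookies.get("session") != "user-token":
            return Response(401, "unauthenticated")
        if not self.csrf_ok(request):
            return Response(403, "cross-site request rejected")
        run_id = request.path.rsplit("/", 1)[-1]
        if request.method == "DELETE":
            existed = self.runs.pop(run_id, None) is not None
            return Response(200 if existed else 404, headers=self.cors_headers(request))
        if request.method == "GET":
            body = self.runs.get(run_id, "")
            return Response(200 if body else 404, body, self.cors_headers(request))
        return Response(405)


def simulate_attack(hardened: bool) -> dict:
    """What a page on https://attacker.example achieves against a logged-in victim
    whose browser attaches the dashboard session cookie to every request."""
    server = DashboardServer(hardened)
    cross_site = {"origin": "https://attacker.example",
                  "referer": "https://attacker.example/lure.html"}
    victim = {"session": "user-token"}
    read = server.handle(Request("GET", "/api/runs/run-1", dict(cross_site), dict(victim)))
    delete = server.handle(Request("DELETE", "/api/runs/run-1", dict(cross_site), dict(victim)))
    return {
        "log_readable_cross_site":
            read.headers.get("Access-Control-Allow-Origin") == "https://attacker.example",
        "delete_status": delete.status,
        "run_still_exists": "run-1" in server.runs,
    }


def legitimate_delete_status(hardened: bool) -> int:
    """The dashboard's own UI must keep working once the checks are in place."""
    server = DashboardServer(hardened)
    ui_headers = {"origin": DASHBOARD_ORIGIN, "x-requested-with": "aim-dashboard"}
    return server.handle(Request("DELETE", "/api/runs/run-1", ui_headers,
                                 {"session": "user-token"})).status


if __name__ == "__main__":
    print("vulnerable:", simulate_attack(False), legitimate_delete_status(False))
    print("hardened:  ", simulate_attack(True), legitimate_delete_status(True))
```

The example only models the server's decisions; the browser's enforcement of CORS (withholding a response body when no matching Access-Control-Allow-Origin is returned) is assumed. Note that the GET path needs no CSRF check at all: what stops the read is the CORS policy, while what stops the delete is the Origin check. Both have to be in place to cover everything the advisory lists.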

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-2196
GHSA-99W2-67H8-5948

Affected Products

Aim