CVE-2024-45190

Exploit

EPSS 0.86%
Veröffentlicht 23.08.2024 20:15:08
Zuletzt bearbeitet 10.10.2025 19:57:48
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

Mage AI pipeline interaction request remote arbitrary file leak

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mage ≫ Mage-ai Version- SwPlatformpython

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.537

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
reefs@jfrog.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-35 Path Traversal: '.../...//'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

https://research.jfrog.com/vulnerabilities/mage-ai-pipeline-interaction-request-remote-arbitrary-file-leak-jfsa-2024-001039605/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-45190

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45190

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45190

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45190