Lucene search
JFROGCVE-2024-45189HistoryAug 23, 2024 - 8:15 p.m.
CVE-2024-45189
2024-08-2320:15:08
CWE-22
JFROG
web.nvd.nist.gov
24
mage ai git content path traversal server file leak remote vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
19.7%
Mage AI allows remote users with the “Viewer” role to leak arbitrary files from the Mage server due to a path traversal in the “Git Content” request
Affected configurations
Node
magemage-aiMatch-python
CNA Affected
[
{
"collectionURL": "https://pypi.org/project/pip",
"packageName": "mage-ai",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
]Related
nvd
nvd
CVE-2024-45189
2024-08-23 20:15:08
github
github
Mage AI Path Traversal vulnerability
2024-08-23 21:30:42
cvelist
cvelist
CVE-2024-45189 Mage AI git content request remote arbitrary file leak
2024-08-23 19:15:40
vulnrichment
vulnrichment
CVE-2024-45189 Mage AI git content request remote arbitrary file leak
2024-08-23 19:15:40
osv
osv
Mage AI Path Traversal vulnerability
2024-08-23 21:30:42
veracode
veracode
Path Traversal
2024-08-26 06:04:21
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
19.7%
Related for CVE-2024-45189