Lucene search
GoogleOSV:GHSA-CGXV-795X-3VQRHistoryAug 23, 2024 - 9:30 p.m.
Mage AI Path Traversal vulnerability
2024-08-2321:30:42
Google
osv.dev
2
mage ai
remote users
viewer role
leak
arbitrary files
mage server
path traversal
git content request
software
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
19.7%
Mage AI allows remote users with the “Viewer” role to leak arbitrary files from the Mage server due to a path traversal in the “Git Content” request
Related
nvd
nvd
CVE-2024-45189
2024-08-23 20:15:08
github
github
Mage AI Path Traversal vulnerability
2024-08-23 21:30:42
cve
cve
CVE-2024-45189
2024-08-23 20:15:08
cvelist
cvelist
CVE-2024-45189 Mage AI git content request remote arbitrary file leak
2024-08-23 19:15:40
vulnrichment
vulnrichment
CVE-2024-45189 Mage AI git content request remote arbitrary file leak
2024-08-23 19:15:40
veracode
veracode
Path Traversal
2024-08-26 06:04:21
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
19.7%
Related for OSV:GHSA-CGXV-795X-3VQR