← back
CVE-2024-45190

Mage AI pipeline interaction request remote arbitrary file leak

CVSS 6.5 MEDIUMEPSS 0.9%CWE-35
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
mage-ai

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://research.jfrog.com/vulnerabilities/mage-ai-pipeline-interaction-request-remote-arbitrary-file-leak-jfsa-2024-001039605/