PT-2024-31469 · Unknown · Mage Ai Framework
Ori Hollander · Published 2024-08-23 · Updated 2026-01-13 · CVE-2024-45187
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mage AI framework (affected versions not specified)
Description
The issue concerns guest users in the Mage AI framework who remain logged in after their accounts are deleted. These users are mistakenly given high privileges, specifically access to remotely execute arbitrary code through the Mage AI terminal server.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weaknesses
Incorrect Privilege Assignment
Insufficient Session Expiration
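The two weakness classes named in this entry can be shown together in a small model. This is an added illustration, not Mage AI source code, and the entry does not state the actual root cause. `Store`, the role names, the token and the `may_open_terminal_*` checks are all hypothetical.

```python
# Added illustration (hypothetical names throughout; not Mage AI source code).
from dataclasses import dataclass, field

ROLE_RANK = {"guest": 0, "editor": 1, "admin": 2}


@dataclass
class Store:
    users: dict = field(default_factory=dict)     # user_id -> role
    sessions: dict = field(default_factory=dict)  # token -> user_id

    def login(self, user_id, token):
        self.sessions[token] = user_id

    def delete_user_weak(self, user_id):
        # Insufficient Session Expiration: account removed, tokens stay valid.
        self.users.pop(user_id, None)

    def delete_user_hardened(self, user_id):
        self.users.pop(user_id, None)
        # Revoke every session bound to the deleted account.
        self.sessions = {t: u for t, u in self.sessions.items() if u != user_id}


def may_open_terminal_weak(store, token):
    user_id = store.sessions.get(token)
    if user_id is None:
        return False
    # Incorrect Privilege Assignment: a missing user record falls through to
    # a permissive default instead of being denied.
    role = store.users.get(user_id, "admin")
    return ROLE_RANK[role] >= ROLE_RANK["admin"]


def may_open_terminal_hardened(store, token):
    user_id = store.sessions.get(token)
    role = store.users.get(user_id) if user_id is not None else None
    if role is None:  # unknown token or deleted account: fail closed
        store.sessions.pop(token, None)
        return False
    return ROLE_RANK[role] >= ROLE_RANK["admin"]


def scenario(delete, check):
    # Constructed sample: one guest account with one live session.
    store = Store(users={"g1": "guest"})
    store.login("g1", "tok-constructed")
    before = check(store, "tok-constructed")
    delete(store, "g1")
    return before, check(store, "tok-constructed")
```

Either control alone closes the gap in this model: revoking sessions on deletion, or re-resolving the role on every privileged request and denying when the account no longer exists.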
Affected Products
Mage Ai Framework