cve/2024/CVE-2024-45187.md

### [CVE-2024-45187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45187)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-613%20Insufficient%20Session%20Expiration&color=brighgreen)

### Description

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server

### POC

#### Reference
- https://research.jfrog.com/vulnerabilities/mage-ai-deleted-users-rce-jfsa-2024-001039602/

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-08-24 17:55 2024-08-24 17:55:21 +00:00			`### [CVE-2024-45187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45187)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-613%20Insufficient%20Session%20Expiration&color=brighgreen)`
Update CVE sources 2024-08-24 17:55 2024-08-24 17:55:21 +00:00
			`### Description`

			`Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server`

			`### POC`

			`#### Reference`
			`- https://research.jfrog.com/vulnerabilities/mage-ai-deleted-users-rce-jfsa-2024-001039602/`

			`#### Github`
			`No PoCs found on GitHub currently.`