CVE-2023-31143 – mage-ai
Package
Manager: pip
Name: mage-ai
Vulnerable Version: >=0.8.34 <0.8.72
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00114 (percentile 0.30747)
Details
Mage-ai missing user authentication

### Impact
You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.

### Patches
The vulnerability has been resolved in Mage version 0.8.72.
Metadata
Created: 2023-05-05T23:10:44Z
Modified: 2024-09-30T16:51:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-c6mm-2g84-v4m7/GHSA-c6mm-2g84-v4m7.json
CWE IDs: ["CWE-306"]
Alternative ID: GHSA-c6mm-2g84-v4m7
Finding: F006
Auto approve: 1