CVE-2024-8072 – mage-ai
Package
Manager: pip
Name: mage-ai
Vulnerable Version: >=0 <=0.9.73
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00074 (percentile: 0.23057)
Details
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users.
Metadata
Created: 2024-08-22T09:30:32Z
Modified: 2024-08-22T16:41:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-cgrq-wvfj-v28j/GHSA-cgrq-wvfj-v28j.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-cgrq-wvfj-v28j
Finding: F310
Auto approve: 1