Skip to content

User authentication not working properly for the Mage terminal

Moderate
dy46 published GHSA-c6mm-2g84-v4m7 May 5, 2023

Package

pip mage-ai (pip)

Affected versions

0.8.34

Patched versions

0.8.72

Description

Impact

You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.

Patches

The vulnerability has been resolved in Mage version 0.8.72.

Thanks to Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. for finding the vulnerability

Severity

Moderate

CVE ID

CVE-2023-31143

Weaknesses

No CWEs