Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jNm1tLTJnODQtdjRtN84AAzGy
Mage-ai missing user authentication
Impact
You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.
Patches
The vulnerability has been resolved in Mage version 0.8.72.
Permalink: https://github.com/advisories/GHSA-c6mm-2g84-v4m7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNm1tLTJnODQtdjRtN84AAzGy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 2 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-c6mm-2g84-v4m7, CVE-2023-31143
References:
- https://github.com/mage-ai/mage-ai/security/advisories/GHSA-c6mm-2g84-v4m7
- https://nvd.nist.gov/vuln/detail/CVE-2023-31143
- https://github.com/mage-ai/mage-ai/commit/f63cd00f6a3be372397d37a4c9a49bfaf50d7650
- https://github.com/pypa/advisory-database/tree/main/vulns/mage-ai/PYSEC-2023-64.yaml
- https://github.com/advisories/GHSA-c6mm-2g84-v4m7
Blast Radius: 1.8
Affected Packages
pypi:mage-ai
Dependent packages: 0Dependent repositories: 2
Downloads: 42,140 last month
Affected Version Ranges: >= 0.8.34, < 0.8.72
Fixed in: 0.8.72
All affected versions: 0.8.34, 0.8.35, 0.8.36, 0.8.37, 0.8.38, 0.8.39, 0.8.40, 0.8.41, 0.8.42, 0.8.43, 0.8.44, 0.8.45, 0.8.46, 0.8.47, 0.8.48, 0.8.49, 0.8.50, 0.8.51, 0.8.52, 0.8.53, 0.8.54, 0.8.55, 0.8.56, 0.8.57, 0.8.58, 0.8.59, 0.8.60, 0.8.61, 0.8.62, 0.8.63, 0.8.64, 0.8.66, 0.8.67, 0.8.68, 0.8.69, 0.8.70, 0.8.71
All unaffected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.1.0, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.4.19, 0.4.20, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.20, 0.7.21, 0.7.22, 0.7.23, 0.7.24, 0.7.25, 0.7.26, 0.7.27, 0.7.28, 0.7.29, 0.7.30, 0.7.32, 0.7.33, 0.7.34, 0.7.35, 0.7.36, 0.7.37, 0.7.38, 0.7.39, 0.7.40, 0.7.41, 0.7.42, 0.7.43, 0.7.44, 0.7.45, 0.7.46, 0.7.47, 0.7.48, 0.7.49, 0.7.50, 0.7.51, 0.7.53, 0.7.54, 0.7.55, 0.7.56, 0.7.57, 0.7.58, 0.7.59, 0.7.60, 0.7.61, 0.7.62, 0.7.63, 0.7.65, 0.7.66, 0.7.67, 0.7.68, 0.7.69, 0.7.70, 0.7.71, 0.7.72, 0.7.73, 0.7.74, 0.7.75, 0.7.76, 0.7.77, 0.7.78, 0.7.79, 0.7.80, 0.7.81, 0.7.82, 0.7.83, 0.7.84, 0.7.85, 0.7.86, 0.7.87, 0.7.88, 0.7.89, 0.7.90, 0.7.91, 0.7.92, 0.7.93, 0.7.94, 0.7.95, 0.7.96, 0.7.97, 0.7.98, 0.7.99, 0.7.100, 0.7.102, 0.7.103, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.8.16, 0.8.17, 0.8.18, 0.8.19, 0.8.20, 0.8.21, 0.8.22, 0.8.23, 0.8.24, 0.8.25, 0.8.26, 0.8.27, 0.8.28, 0.8.29, 0.8.30, 0.8.31, 0.8.32, 0.8.33, 0.8.72, 0.8.73, 0.8.74, 0.8.75, 0.8.76, 0.8.77, 0.8.78, 0.8.79, 0.8.80, 0.8.81, 0.8.82, 0.8.83, 0.8.84, 0.8.85, 0.8.86, 0.8.87, 0.8.88, 0.8.89, 0.8.90, 0.8.91, 0.8.92, 0.8.93, 0.8.94, 0.8.95, 0.8.96, 0.8.97, 0.8.98, 0.8.99, 0.8.100, 0.8.101, 0.8.102, 0.8.103, 0.8.104, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.30, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.40, 0.9.41, 0.9.43, 0.9.44, 0.9.45, 0.9.46, 0.9.47, 0.9.48, 0.9.49, 0.9.50, 0.9.51, 0.9.55, 0.9.56, 0.9.57, 0.9.58, 0.9.59, 0.9.60, 0.9.61, 0.9.62, 0.9.63, 0.9.64, 0.9.65, 0.9.66, 0.9.67, 0.9.68, 0.9.69, 0.9.70, 0.9.71, 0.9.72, 0.9.73, 0.9.74