GHSA-c6mm-2g84-v4m7

Suggest an improvement
Source
https://github.com/advisories/GHSA-c6mm-2g84-v4m7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-c6mm-2g84-v4m7/GHSA-c6mm-2g84-v4m7.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-c6mm-2g84-v4m7
Aliases
Related
Published
2023-05-05T23:10:44Z
Modified
2024-09-30T17:34:42.023648Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Mage-ai missing user authentication
Details

Impact

You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.

Patches

The vulnerability has been resolved in Mage version 0.8.72.

Database specific
{
    "nvd_published_at": "2023-05-09T15:15:10Z",
    "cwe_ids": [
        "CWE-306"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-05T23:10:44Z"
}
References

Affected packages

PyPI / mage-ai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.8.34
Fixed
0.8.72

Affected versions

0.*

0.8.34
0.8.35
0.8.36
0.8.37
0.8.38
0.8.39
0.8.40
0.8.41
0.8.42
0.8.43
0.8.44
0.8.45
0.8.46
0.8.47
0.8.48
0.8.49
0.8.50
0.8.51
0.8.52
0.8.53
0.8.54
0.8.55
0.8.56
0.8.57
0.8.58
0.8.59
0.8.60
0.8.61
0.8.62
0.8.63
0.8.64
0.8.66
0.8.67
0.8.68
0.8.69
0.8.70
0.8.71