Headline
GHSA-c6mm-2g84-v4m7: Mage-ai missing user authentication
Impact
You may be impacted if you’re using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.
Patches
The vulnerability has been resolved in Mage version 0.8.72.
Mage-ai missing user authentication
Moderate severity GitHub Reviewed Published May 5, 2023 in mage-ai/mage-ai • Updated May 5, 2023
Related news
CVE-2023-31143: [dy] Fix terminal user authentication (#2586) · mage-ai/mage-ai@f63cd00
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.