Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-c6mm-2g84-v4m7: Mage-ai missing user authentication

Impact

You may be impacted if you’re using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.

Patches

The vulnerability has been resolved in Mage version 0.8.72.

ghsa
#vulnerability#git#auth

Mage-ai missing user authentication

Moderate severity GitHub Reviewed Published May 5, 2023 in mage-ai/mage-ai • Updated May 5, 2023

Related news

CVE-2023-31143: [dy] Fix terminal user authentication (#2586) · mage-ai/mage-ai@f63cd00

mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.