CVE-2023-31143
Mage terminal user authentication not working properly
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
mage-ai · mage-aiWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →