Опубликовано: 05 мая 2023
Источник: github
Github: Прошло ревью
CVSS4: 8.2
CVSS3: 5.9
Описание
Mage-ai missing user authentication
Impact
You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions.
Patches
The vulnerability has been resolved in Mage version 0.8.72.
Пакеты
Наименование
mage-ai
pip
Затронутые версииВерсия исправления
>= 0.8.34, < 0.8.72
0.8.72
Связанные уязвимости
CVSS3: 5.9
nvd
больше 2 лет назад
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.