CVE-2023-31143
Mage-ai missing user authentication
CVSS 3.1: 5.9 MEDIUM; EPSS: 0.22%
Description
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.
How to fix CVE-2023-31143
To remediate CVE-2023-31143, upgrade the affected package to one of the fixed versions below.
- Upgrade to 0.8.72 or later
- Upgrade to f63cd00f6a3be372397d37a4c9a49bfaf50d7650 or later
Is CVE-2023-31143 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 0.8.34, < 0.8.72
- from 0, < f63cd00f6a3be372397d37a4c9a49bfaf50d7650 | >= 0.8.34, < 0.8.72
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |