Home > Vulnerability Database > CVE-2023-31143

Mend.io Vulnerability Database

CVE-2023-31143

Good to know:

Date: May 9, 2023

mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.

Language: Python

Severity Score

5.9

Related Resources (6)

Url: https://github.com/mage-ai/mage-ai/commit/f63cd00f6a3be372397d37a4c9a49bfaf50d7650

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-31143

Url: https://github.com/pypa/advisory-database/tree/main/vulns/mage-ai/PYSEC-2023-64.yaml

Url: https://github.com/mage-ai/mage-ai/security/advisories/GHSA-c6mm-2g84-v4m7

Url: https://github.com/mage-ai/mage-ai

Url: https://www.mend.io/vulnerability-database/CVE-2023-31143

Severity Score

5.9

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

Top Fix

Upgrade Version

Upgrade to version mage-ai - 0.8.72

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-31143

Good to know:

Date: May 9, 2023

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?