PT-2023-23176 · Mage Ai · Mage Ai

Kentaro Ishii · Published 2023-05-05 · Updated 2023-05-16 · CVE-2023-31143

CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71

Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have editor permissions.

Recommendations: For versions 0.8.34 through 0.8.71, update to version 0.8.72 to resolve the issue. As a temporary workaround, consider disabling user authentication until the update can be applied. Restrict access to the terminal to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Missing Authentication

Related Identifiers

CVE-2023-31143
GHSA-C6MM-2G84-V4M7
PYSEC-2023-64

Affected Products

Mage Ai