Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
Advisories for Pypi/Mage-Ai package
2024
Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request
Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request
Mage AI incorrectly gives privileges to users with deleted accounts
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server.
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users.
2023
Mage-ai missing user authentication
Impact You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions. Patches The vulnerability has been resolved in Mage version 0.8.72.