Missing Authentication for Critical Function
CVE-2023-31143
Summary
Mage package versions 0.8.34 prior to 0.8.72 with user authentication enabled, the terminal could be accessed by users who are not signed in or do not have editor permissions.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-306 - Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References
Advisory Timeline
- Published