vulnerabilities: Add CVE-2024-8072

jfrog · Aug 22, 2024 · 654e844 · 654e844
1 parent a3d1c6d
commit 654e844
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/vulnerabilities/mage-ai-terminal-server-infoleak-jfsa-2024-001039574.md b/vulnerabilities/mage-ai-terminal-server-infoleak-jfsa-2024-001039574.md
@@ -0,0 +1,48 @@
+---
+description: CVE-2024-8072, MEDIUM, Mage AI Terminal Server Infoleak
+title: Mage AI Terminal Server Infoleak
+date_published: "2024-08-22"
+last_updated: "2024-08-22"
+xray_id: JFSA-2024-001039574
+vul_id: CVE-2024-8072
+cvss: 5.3
+severity: medium
+discovered_by: Ori Hollander
+type: vulnerability
+
+---
+
+## Summary
+
+Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
+
+## Component
+
+mage-ai
+
+## Affected versions
+
+(,)
+
+## Description
+
+Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
+
+## PoC
+
+Leaking terminal command history for user #1 - 
+
+```
+ws://localhost:6789/websocket/terminal?term_name=1--PortalTerminal--Main%20Mage
+```
+
+
+
+## Vulnerability Mitigations
+
+No mitigations are supplied for this issue
+
+## References
+
+No references are supplied for this issue
+