Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
mage-ai
(,)
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
Leaking terminal command history for user #1 -
ws://localhost:6789/websocket/terminal?term_name=1--PortalTerminal--Main%20Mage
No mitigations are supplied for this issue
No references are supplied for this issue