Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7044 | 1 Canonical | 1 Maas | 2025-12-18 | N/A | 7.7 HIGH |
| An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment. | |||||
| CVE-2013-1057 | 1 Canonical | 2 Maas, Ubuntu Linux | 2025-04-11 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory. | |||||
| CVE-2013-1058 | 1 Canonical | 2 Maas, Ubuntu Linux | 2025-04-11 | 5.8 MEDIUM | N/A |
| maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. | |||||