Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6107 | 1 Canonical | 1 Metal As A Service | 2025-08-27 | N/A | 9.6 CRITICAL |
| Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps. | |||||
| CVE-2015-1320 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 2.0 LOW |
| A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1427 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 4.3 MEDIUM | 9.6 CRITICAL |
| A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||