Maas
by Canonical
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6107 | 0.00 | — | 0.00 | Jul 21, 2025 | Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps. | |||
| CVE-2015-1320 | 0.00 | — | 0.01 | Apr 22, 2019 | The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||
| CVE-2014-1428 | 0.00 | — | 0.01 | Apr 22, 2019 | A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||
| CVE-2014-1427 | 0.00 | — | 0.01 | Apr 22, 2019 | A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | |||
| CVE-2014-1426 | 0.00 | — | 0.01 | Apr 22, 2019 | A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||
| CVE-2013-1058 | 0.00 | — | 0.02 | Nov 23, 2013 | maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. | |||
| CVE-2013-1057 | 0.00 | — | 0.01 | Nov 18, 2013 | Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory. |
- CVE-2024-6107Jul 21, 2025risk 0.00cvss —epss 0.00
Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.
- CVE-2015-1320Apr 22, 2019risk 0.00cvss —epss 0.01
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
- CVE-2014-1428Apr 22, 2019risk 0.00cvss —epss 0.01
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
- CVE-2014-1427Apr 22, 2019risk 0.00cvss —epss 0.01
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
- CVE-2014-1426Apr 22, 2019risk 0.00cvss —epss 0.01
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.
- CVE-2013-1058Nov 23, 2013risk 0.00cvss —epss 0.02
maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.
- CVE-2013-1057Nov 18, 2013risk 0.00cvss —epss 0.01
Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.