Lucene search

[email protected]CVE-2013-1069

HistoryFeb 17, 2014 - 4:55 p.m.

CVE-2013-1069

2014-02-1716:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1069

ubuntu

maas

rabbitmq

authentication

vulnerability

security advisory

6.2 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.

CPENameOperatorVersion
ubuntu:metal_as_a_serviceubuntu metal as a serviceeq1.4
ubuntu:metal_as_a_serviceubuntu metal as a serviceeq1.2

CPE	Name	Operator	Version
ubuntu:metal_as_a_service	ubuntu metal as a service	eq	1.4
ubuntu:metal_as_a_service	ubuntu metal as a service	eq	1.2

References

www.ubuntu.com/usn/USN-2105-1

bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1254034

6.2 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2013-1069

prion1 ubuntucve1 openvas2 securityvulns2 ubuntu1 nessus1 ibm2