10 matches found
CVE-2025-7044
The set of connected documents confirms a concrete vulnerability in MAAS: the user websocket handler does improper input validation, enabling an authenticated, unprivileged attacker to intercept a user.update request and inject is_superuser = true, which can grant full administrative control over...
EUVD-2013-1109
Malware in sbrugna...
EUVD-2013-1110
Malware in sbrugna...
Canonical MAAS 安全漏洞
Canonical MAAS is a Canonical open source software for large-scale physical server management and automated deployment. A security vulnerability exists in Canonical MAAS that stems from insufficient authentication and could allow an attacker to bypass authentication checks and run RPC commands...
MAAS Cross-Site Scripting Vulnerability
Canonical Ubuntu Metal as a Service MAAS is a suite of cloud server deployment and management tools from Canonical in the UK. The tool enables centralized deployment and management of a large number of server hardware environments. A cross-site scripting vulnerability exists in the REST API in...
USN-2746-2 simplestreams regression
USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Simple Streams did not properly perform gpg...
CVE-2013-1069
Ubuntu Metal as a Service MaaS 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file...
CVE-2013-1070
Cross-site scripting XSS vulnerability in the API in Ubuntu Metal as a Service MaaS 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/...
CVE-2013-1069
Ubuntu Metal as a Service MaaS 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file...
CVE-2013-1070
The CVE-2013-1070 entry concerns Ubuntu MAAS (Metal as a Service) API XSS on the nodes/ op parameter in MAAS 1.2 and 1.4. The connected Ubuntu USN-2105-1 describes two issues: (1) a cross-site scripting vulnerability in the MAAS API that could allow an attacker to modify contents or steal data wi...