MAAS vulnerabilities

ID USN-2105-1
Type ubuntu
Reporter Ubuntu
Modified 2014-02-13T00:00:00


James Troup discovered that MAAS stored RabbitMQ authentication
credentials in a world-readable file. A local authenticated user
could read this password and potentially gain privileges of other
user accounts. This update restricts the file permissions to prevent
unintended access. (CVE-2013-1069)

Chris Glass discovered that the MAAS API was vulnerable to cross-site
scripting vulnerabilities. With cross-site scripting vulnerabilities,
if a user were tricked into viewing a specially crafted page, a remote
attacker could exploit this to modify the contents, or steal confidential
data, within the same domain. (CVE-2013-1070)