CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score
Confidence: Low

EPSS
Percentile: 60.8%

James Troup discovered that MAAS stored RabbitMQ authentication
credentials in a world-readable file. A local authenticated user
could read this password and potentially gain privileges of other
user accounts. This update restricts the file permissions to prevent
unintended access. (CVE-2013-1069)

Chris Glass discovered that the MAAS API was vulnerable to cross-site
scripting. If a user were tricked into viewing a specially crafted page,
a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2013-1070)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | maas-region-controller | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | maas | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | maas-cli | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | maas-cluster-controller | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | maas-common | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | maas-dhcp | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | maas-dns | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | python-django-maas | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | python-maas-client | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | python-maas-provisioningserver | < 1.4+bzr1693+dfsg-0ubuntu2.3 | UNKNOWN |