1.9.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

canonical

CWE-254

NVD

Published: 2019-04-22

Updated: 2019-10-09

Summary

A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.

Vulnerable Configurations

Part	Description	Count
Application	Canonical Canonical Metal AS A Service 1.9.0 Canonical Metal AS A Service 1.9.1	13

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://launchpad.net/maas/+milestone/1.9.2