Vulnerabilities > Canonical > Metal AS A Service

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2015-1320 Credentials Management vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface.
network
low complexity
canonical CWE-255
critical
9.8
2019-04-22 CVE-2014-1428 7PK - Security Features vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames.
network
low complexity
canonical CWE-254
5.3
2019-04-22 CVE-2014-1427 Cross-site Scripting vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting.
network
low complexity
canonical CWE-79
6.1
2019-04-22 CVE-2014-1426 Improper Input Validation vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file.
network
low complexity
canonical CWE-20
7.5