Vulnerabilities > Canonical > Metal AS A Service
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-22 | CVE-2015-1320 | Credentials Management vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. | 9.8 |
2019-04-22 | CVE-2014-1428 | 7PK - Security Features vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. | 5.3 |
2019-04-22 | CVE-2014-1427 | Cross-site Scripting vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. | 6.1 |
2019-04-22 | CVE-2014-1426 | Improper Input Validation vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1 A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. | 7.5 |