cbcvebase.
CVE-2014-1426
published 2019-04-22

CVE-2014-1426: A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS…

high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.

Affected

4 ranges
VendorProductVersion rangeFixed in
canonicalmetal_as_a_service< 1.9.21.9.2
ubuntumaas>= 0 < 1.9.5+bzr4599-0ubuntu1~14.04.11.9.5+bzr4599-0ubuntu1~14.04.1
ubuntumaas>= 0 < 2.1.3+bzr5573-0ubuntu1~16.04.12.1.3+bzr5573-0ubuntu1~16.04.1
ubuntumaas>= unspecified < 1.9.21.9.2

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH