CVE-2014-1427
published 2019-04-22CVE-2014-1427: A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | metal_as_a_service | < 1.9.2 | 1.9.2 |
| ubuntu | maas | >= 0 < 1.9.5+bzr4599-0ubuntu1~14.04.1 | 1.9.5+bzr4599-0ubuntu1~14.04.1 |
| ubuntu | maas | >= 0 < 2.1.3+bzr5573-0ubuntu1~16.04.1 | 2.1.3+bzr5573-0ubuntu1~16.04.1 |
| ubuntu | maas | >= unspecified < 1.9.2 | 1.9.2 |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM