CVE-2024-6107
published 2025-07-21
critical 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | maas | >= 3.1.0 < 3.1.4 | 3.1.4 |
| canonical | maas | >= 3.2.0 < 3.2.11 | 3.2.11 |
| canonical | maas | >= 3.3.0 < 3.3.8 | 3.3.8 |
| canonical | maas | >= 3.4.0 < 3.4.4 | 3.4.4 |
| canonical | maas | >= 3.5.0 < 3.5.1 | 3.5.1 |
| canonical | metal_as_a_service | — | — |
| canonical | metal_as_a_service | >= 3.1.0 < 3.1.4 | 3.1.4 |
| canonical | metal_as_a_service | >= 3.2.0 < 3.2.11 | 3.2.11 |
| canonical | metal_as_a_service | >= 3.3.0 < 3.3.8 | 3.3.8 |
| canonical | metal_as_a_service | >= 3.4.0 < 3.4.4 | 3.4.4 |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 9.8 CRITICAL