Ubuntu MAAS vulnerabilities

5 known vulnerabilities affecting ubuntu/maas.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3

Vulnerabilities
CVE-2025-7044 | MEDIUM | CVSS 6.5 | ≥ 3.3.0, < 3.3.11; ≥ 3.4.0, < 3.4.9; +2 more | 2025-12-03
CVE-2025-7044 [MEDIUM] CWE-269: An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full
Sources: cvelistv5, nvd
CVE-2015-1320 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 1.9.2 | 2019-04-22
CVE-2015-1320 [CRITICAL] CWE-255: The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Sources: cvelistv5, nvd, osv
CVE-2014-1426 | HIGH | CVSS 7.5 | ≥ unspecified, < 1.9.2 | 2019-04-22
CVE-2014-1426 [HIGH] CWE-20: A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.
Sources: cvelistv5, nvd, osv
CVE-2014-1428 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 1.9.2 | 2019-04-22
CVE-2014-1428 [MEDIUM] CWE-254: A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Sources: cvelistv5, nvd, osv
CVE-2014-1427 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.9.2 | 2019-04-22
CVE-2014-1427 [MEDIUM] CWE-79: A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
Sources: cvelistv5, nvd, osv