CVE-2014-1426

Опубликовано: 22 апр. 2019

Источник: nvd

CVSS3: 8.6

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.

Ссылки

https://launchpad.net/maas/+milestone/1.9.2
Third Party Advisory
https://launchpad.net/maas/+milestone/1.9.2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*

Версия до 1.9.2 (исключая)

EPSS

Процентиль: 71%

0.00682

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2014-1426

CVSS3: 8.6

ubuntu

почти 7 лет назад

A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.

GHSA-8cwf-xm55-w837

CVSS3: 7.5

github

больше 3 лет назад

A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.

EPSS

Процентиль: 71%

0.00682

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20