CVE-2014-1427

Опубликовано: 22 апр. 2019

Источник: nvd

CVSS3: 9.6

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

Ссылки

https://launchpad.net/maas/+milestone/1.9.2
Third Party Advisory
https://launchpad.net/maas/+milestone/1.9.2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*

Версия до 1.9.2 (исключая)

EPSS

Процентиль: 59%

0.00383

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-1427

CVSS3: 9.6

ubuntu

почти 7 лет назад

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

GHSA-r5fr-m3x2-j65q

CVSS3: 6.1

github

больше 3 лет назад

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

EPSS

Процентиль: 59%

0.00383

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79