CVE-2014-1427

Опубликовано: 22 апр. 2019

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 9.6

Описание

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

Релиз	Статус	Примечание
devel	not-affected	2.2.0~rc3+bzr6025-0ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [1.9.5+bzr4599-0ubuntu1~14.04.1]]
esm-infra/xenial	not-affected	2.1.3+bzr5573-0ubuntu1~16.04.1
lucid	DNE
precise	ignored	end of life
precise/esm	DNE
trusty	not-affected	1.9.5+bzr4599-0ubuntu1~14.04.1
trusty/esm	DNE	trusty was not-affected [1.9.5+bzr4599-0ubuntu1~14.04.1]
upstream	released	1.9.2
utopic	ignored	end of life

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2014-1427

EPSS

Процентиль: 59%

0.00383

Низкий

4.3 Medium

CVSS2

9.6 Critical

CVSS3

Связанные уязвимости

CVE-2014-1427

CVSS3: 9.6

nvd

почти 7 лет назад

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

GHSA-r5fr-m3x2-j65q

CVSS3: 6.1

github

больше 3 лет назад

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

EPSS

Процентиль: 59%

0.00383

Низкий

4.3 Medium

CVSS2

9.6 Critical

CVSS3

CVE-2014-1427

Описание

Пакет maas

Ссылки на источники

Связанные уязвимости