Computer Security
[EN] securityvulns.ru no-pyccku


MAAS security vulnerabilities
Published:05.05.2014
Source:
SecurityVulns ID:13745
Type:remote
Threat Level:
5/10
Description:Weak permissions, crossite scripting.
Affected:UBUNTU : MaaS 1.4
CVE:CVE-2013-1070 (Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.)
 CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.)
Original documentdocumentUBUNTU, [USN-2105-1] MAAS vulnerabilities (05.05.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod