Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-1070

Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.

Related bugs and status

CVE-2013-1070 (Candidate) is related to these bugs:

Bug #1251336: MaaS API is vulnerable to XSS

		In	Importance	Status
1251336	MaaS API is vulnerable to XSS	MAAS	Critical	Fix Released
1251336	MaaS API is vulnerable to XSS	MAAS 1.2	Critical	Fix Released
1251336	MaaS API is vulnerable to XSS	MAAS 1.4	Critical	Fix Released

Bug #1254034: txlongpoll.yaml contains password but is world readable

Summary				In	Importance	Status
	1254034	txlongpoll.yaml contains password but is world readable		maas (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
UBUNTU: USN-2105-1
BID: 65575