Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-1426

A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.

Related bugs and status

CVE-2014-1426 (Candidate) is related to these bugs:

Bug #1212205: get_file_by_name does not check owner

		In	Importance	Status
1212205	get_file_by_name does not check owner	MAAS	Critical	Fix Released
1212205	get_file_by_name does not check owner	MAAS 1.2	Critical	Won't Fix
1212205	get_file_by_name does not check owner	MAAS 1.3	Critical	Won't Fix
1212205	get_file_by_name does not check owner	MAAS 1.5	Undecided	Won't Fix
1212205	get_file_by_name does not check owner	MAAS 1.7	Undecided	Won't Fix
1212205	get_file_by_name does not check owner	MAAS 1.9	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://launchpad.net/...