GCVE - cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Canonical (`bedcba35-8c3d-5a60-8532-2ba876a6ec88`)
Product	Metal As A Service (`cedc718a-a874-52c2-a599-0329db0f25af`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/ubuntu/maas`	purl2cpe	2026-06-01 10:12:43.113272
`pkg:github/maas/maas`	purl2cpe	2026-06-01 10:12:43.113275

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-6107`	vulnerable	2026-06-03 14:58:01.876380	Details available CRITICAL (9.6) Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps. Published: 2025-07-21T08:52:56.608Z Updated: 2025-07-21T17:07:16.633Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/maas/+bug/2069094	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-1320`	vulnerable	2026-06-03 14:34:39.148622	Probe-and-enlist for SeaMicro chassis writes password to the log MEDIUM (5.5) The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. Published: 2019-04-22T15:35:59.171Z Updated: 2024-09-16T22:26:40.726Z Open on db.gcve.eu Reference links https://launchpad.net/maas/+milestone/1.9.2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1428`	vulnerable	2026-06-03 14:33:46.902908	uuid.uuid1() is not suitable as an unguessable identifier/token LOW (2) A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. Published: 2019-04-22T15:35:59.093Z Updated: 2024-09-16T18:28:21.706Z Open on db.gcve.eu Reference links https://launchpad.net/maas/+milestone/1.9.2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1427`	vulnerable	2026-06-03 14:33:46.902580	MAAS API vulnerable to CSRF attack CRITICAL (9.6) A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. Published: 2019-04-22T15:35:59.055Z Updated: 2024-09-16T17:27:52.597Z Open on db.gcve.eu Reference links https://launchpad.net/maas/+milestone/1.9.2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1426`	vulnerable	2026-06-03 14:33:46.902141	get_file_by_name does not check owner HIGH (8.6) A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. Published: 2019-04-22T15:35:58.973Z Updated: 2024-09-16T21:02:51.069Z Open on db.gcve.eu Reference links https://launchpad.net/maas/+milestone/1.9.2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.