
Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Monday, 22 April 2019

Ubuntu maas up to 1.9.1 maasserver.api.get_file_by_name information disclosure

A vulnerability was found in Ubuntu maas up to 1.9.1. It has been classified as problematic. This affects the function maasserver.api.get_file_by_name. The manipulation with an unknown input leads to an information disclosure vulnerability (File Download). CWE classifies the issue as CWE-200. This is going to have an impact on confidentiality.

The weakness was shared on 04/22/2019. This vulnerability is uniquely identified as CVE-2014-1426 since 01/13/2014. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/23/2019).

Upgrading to version 1.9.2 eliminates this vulnerability.

The issues 133900, 133901 and 133903 are related to this entry.

CVSSv3

VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.1

VulDB Base Score: ≈4.3
VulDB Temp Score: ≈4.1

Exploiting

Class: Information disclosure / File Download (CWE-200)
Local: Yes
Remote: No

Status: Not defined

Countermeasures

Recommended: Upgrade

Upgrade: maas 1.9.2

Timeline

01/13/2014 CVE assigned
04/22/2019 Advisory disclosed
04/23/2019 VulDB entry created
04/23/2019 VulDB last update

Sources

CVE: CVE-2014-1426

Entry

Created: 04/23/2019 08:10 AM

Author: VulDB

Categories: VulDB