Skip to main content

Maas

3 CVEs product

Monthly

CVE-2025-7044 HIGH PATCH This Week

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.

Privilege Escalation Maas
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2013-1058 MEDIUM This Month

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ubuntu Linux Maas
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-1057 MEDIUM POC This Month

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Ubuntu Linux Maas
NVD
CVSS 2.0
4.4
EPSS
0.1%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.

Privilege Escalation Maas
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ubuntu Linux Maas
NVD
EPSS 0% CVSS 4.4
MEDIUM POC This Month

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Ubuntu Linux Maas
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy