Description
Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
High
Affected products
- Canonical / MAAS3.1.0 – 3.1.4
- Canonical / MAAS3.2.0 – 3.2.11
- Canonical / MAAS3.3.0 – 3.3.8
- Canonical / MAAS3.4.0 – 3.4.4
- Canonical / MAAS3.5.0 – 3.5.1