CVE-2013-1069

Published: Feb 17, 2014Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.

Affected (2)

Products: Ubuntu: Metal As A Service

Ubuntu

1 product

Metal As A Service

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ubuntu Metal As A Service	Version 1.2
Ubuntu Metal As A Service	Version 1.4

Related CWEs

CWE-264

References (4)

http://www.ubuntu.com/usn/USN-2105-1

Source: security@ubuntu.com

https://bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1254034

Source: security@ubuntu.com

http://www.ubuntu.com/usn/USN-2105-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1254034

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.