Local File Permission Vulnerability in Ubuntu Metal as a Service (MaaS)
CVE-2013-1069

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Metal As A Service
Vendor: CVE Published:; 17 February 2014

What is CVE-2013-1069?

Ubuntu Metal as a Service (MaaS) versions 1.2 and 1.4 are susceptible to a vulnerability that arises from world-readable permissions set on the txlongpoll.yaml file. This misconfiguration allows local users to access the file, potentially exposing RabbitMQ authentication credentials. As a result, unauthorized access to the RabbitMQ service may be granted, posing a significant security risk to the affected systems. It is crucial to ensure appropriate file permissions to mitigate this vulnerability.

References

http://www.ubuntu.com/usn/USN-2105-1

vendor-advisoryx_refsource_UBUNTU

https://bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2014
Vulnerability Reserved
Jan 11, 2013