Insufficient Authentication Verification in MAAS by Canonical
CVE-2024-6107

9.6 CRITICAL

Key Information:

Vendor: Canonical

CVE Published: 21 July 2025

What is CVE-2024-6107?

MAAS does not sufficiently verify clients, which allows an attacker to bypass its authentication checks. A malicious client can then execute Remote Procedure Call (RPC) commands in a selected region, potentially leading to unauthorized access and control. Canonical has addressed this issue in updated releases of MAAS, as detailed in the official bug report.

Affected Version(s)

MAAS Linux 3.1.0

MAAS Linux 3.1.0 < 3.1.4

MAAS Linux 3.2.0 < 3.2.11

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
