CVE-2014-1428 - OpenCVE

A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Metal As A Service

Configuration 1 [-]

cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*

References

Link	Resource
https://launchpad.net/maas/+milestone/1.9.2	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2016-04-28T00:00:00

Updated: 2019-04-22T15:35:59

Reserved: 2014-01-13T00:00:00

Link: CVE-2014-1428

JSON object: View

NVD Information

Status : Modified

Published: 2019-04-22T16:29:00.583

Modified: 2019-10-09T23:09:49.710

Link: CVE-2014-1428

JSON object: View

Redhat Information

No data.

CWE

CWE-254

{"containers": {"cna": {"affected": [{"product": "MAAS", "vendor": "Ubuntu", "versions": [{"lessThan": "1.9.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2016-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Insufficient randomness in generated filenames.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-22T15:35:59", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.net/maas/+milestone/1.9.2"}], "source": {"defect": ["https://bugs.launchpad.net/maas/+bug/1379826"], "discovery": "INTERNAL"}, "title": "uuid.uuid1() is not suitable as an unguessable identifier/token", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2016-04-28T00:00:00.000Z", "ID": "CVE-2014-1428", "STATE": "PUBLIC", "TITLE": "uuid.uuid1() is not suitable as an unguessable identifier/token"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MAAS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "1.9.2"}]}}]}, "vendor_name": "Ubuntu"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient randomness in generated filenames."}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/maas/+milestone/1.9.2", "refsource": "MISC", "url": "https://launchpad.net/maas/+milestone/1.9.2"}]}, "source": {"defect": ["https://bugs.launchpad.net/maas/+bug/1379826"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2014-1428", "datePublished": "2016-04-28T00:00:00", "dateReserved": "2014-01-13T00:00:00", "dateUpdated": "2019-04-22T15:35:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:metal_as_a_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D1C34D7-6400-4519-8B7D-89CF0926AC08", "versionEndExcluding": "1.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2."}, {"lang": "es", "value": "Una vulnerabilidad en generate_filestorage_key de Ubuntu MAAS permite a un atacante usar fuerza bruta en los nombres de archivo. Este problema afecta a las versiones de Ubuntu MAAS anteriores a la 1.9.2."}], "id": "CVE-2014-1428", "lastModified": "2019-10-09T23:09:49.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2019-04-22T16:29:00.583", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://launchpad.net/maas/+milestone/1.9.2"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}