Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege Escalation in MAAS via Websocket Request Manipulation
Vulnerability Description
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
特权管理不恰当
Vulnerability Title
Canonical MAAS 安全漏洞
Vulnerability Description
Canonical MAAS是Canonical开源的一个用于大规模物理服务器管理和自动化部署的软件。 Canonical MAAS存在安全漏洞,该漏洞源于用户websocket处理程序输入验证不当,可能导致经过身份验证的低权限攻击者提升为管理员角色。
CVSS Information
N/A
Vulnerability Type
N/A