Candidate: CVE-2014-1427
PublicDate: 2019-04-22 16:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1427
Description:
 A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause
 a logged-in user to execute commands via cross-site scripting. This issue
 affects MAAS versions prior to 1.9.2.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/maas/+bug/1298772
Priority: medium
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_maas:
upstream_maas: released (1.9.2)
lucid_maas: DNE
precise_maas: ignored (reached end-of-life)
precise/esm_maas: DNE
trusty_maas: not-affected (1.9.5+bzr4599-0ubuntu1~14.04.1)
trusty/esm_maas: DNE (trusty was not-affected [1.9.5+bzr4599-0ubuntu1~14.04.1])
utopic_maas: ignored (reached end-of-life)
vivid_maas: ignored (reached end-of-life)
vivid/ubuntu-core_maas: DNE
vivid/stable-phone-overlay_maas: DNE
wily_maas: ignored (reached end-of-life)
xenial_maas: not-affected (2.1.3+bzr5573-0ubuntu1~16.04.1)
esm-infra/xenial_maas: not-affected (2.1.3+bzr5573-0ubuntu1~16.04.1)
yakkety_maas: not-affected (2.1.3+bzr5573-0ubuntu1~16.10.1)
zesty_maas: not-affected (2.2.0~rc1+bzr5922-0ubuntu2)
devel_maas: not-affected (2.2.0~rc3+bzr6025-0ubuntu1)