CVE-2024-6107 | THREATINT

Description

Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.

PUBLISHED Reserved 2024-06-18 | Published 2025-07-21 | Updated 2025-07-21 | Assigner canonical

CRITICAL: 9.6CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

Problem types

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Product status

Default status

affected

3.1.0 (semver) before 3.1.4

affected

3.2.0 (semver) before 3.2.11

affected

3.3.0 (semver) before 3.3.8

affected

3.4.0 (semver) before 3.4.4

affected

3.5.0 (semver) before 3.5.1

affected

References

bugs.launchpad.net/maas/+bug/2069094

cve.org (CVE-2024-6107)

nvd.nist.gov (CVE-2024-6107)

Download JSON