{"id":"UBUNTU-CVE-2014-1428","details":"A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.","modified":"2025-07-16T08:10:57.000223Z","published":"2019-04-22T16:29:00Z","withdrawn":"2025-07-18T16:42:59Z","upstream":["CVE-2014-1428"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1428"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-1428"}],"affected":[{"package":{"name":"maas","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/maas@1.9.5+bzr4599-0ubuntu1~14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.5+bzr4599-0ubuntu1~14.04.1"}]}],"versions":["1.4+bzr1693+dfsg-0ubuntu2","1.4+bzr1693+dfsg-0ubuntu3","1.4+bzr1789+dfsg-0ubuntu1","1.4+bzr1817+dfsg-0ubuntu1","1.4+bzr1820+dfsg-0ubuntu1","1.4+bzr1853+dfsg-0ubuntu1","1.5+bzr1909-0ubuntu1","1.5+bzr1948-0ubuntu1","1.5+bzr1948-0ubuntu2","1.5+bzr1951-0ubuntu1","1.5+bzr1976-0ubuntu1","1.5+bzr1977-0ubuntu1","1.5+bzr1977-0ubuntu2","1.5+bzr1977-0ubuntu3","1.5+bzr1977-0ubuntu4","1.5+bzr1977-0ubuntu5","1.5+bzr2204-0ubuntu1","1.5+bzr2227-0ubuntu1","1.5+bzr2230-0ubuntu1","1.5+bzr2236-0ubuntu1","1.5+bzr2252-0ubuntu1","1.5.1+bzr2269-0ubuntu0.1","1.5.2+bzr2282-0ubuntu0.2","1.5.4+bzr2294-0ubuntu1.1","1.5.4+bzr2294-0ubuntu1.2","1.5.4+bzr2294-0ubuntu1.3","1.7.6+bzr3376-0ubuntu2~14.04.1","1.7.6+bzr3376-0ubuntu3~14.04.1","1.9.4+bzr4592-0ubuntu1~14.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"maas","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-cli","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-cluster-controller","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-common","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-dhcp","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-dns","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-proxy","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-region-controller","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"maas-region-controller-min","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"python-django-maas","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"python-maas-client","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"},{"binary_name":"python-maas-provisioningserver","binary_version":"1.9.5+bzr4599-0ubuntu1~14.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-1428.json"}},{"package":{"name":"maas","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/maas@2.1.3+bzr5573-0ubuntu1~16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.3+bzr5573-0ubuntu1~16.04.1"}]}],"versions":["1.8.3+bzr4053-0ubuntu1","1.9.0+bzr4533-0ubuntu1","1.10.0+bzr4578-0ubuntu2","2.0.0~alpha1+bzr4736-0ubuntu1","2.0.0~alpha2+bzr4776-0ubuntu1","2.0.0~alpha3+bzr4810-0ubuntu1","2.0.0~alpha4+bzr4843-0ubuntu1","2.0.0~beta1+bzr4873-0ubuntu1","2.0.0~beta1+bzr4873-0ubuntu2","2.0.0~beta1+bzr4873-0ubuntu3","2.0.0~beta2+bzr4920-0ubuntu1","2.0.0~beta2+bzr4920-0ubuntu2","2.0.0~beta3+bzr4941-0ubuntu1","2.0.0~rc2+bzr5156-0ubuntu1~16.04.1","2.0.0~rc2+bzr5156-0ubuntu1~16.04.2","2.0.0+bzr5189-0ubuntu1~16.04.1","2.1.1+bzr5544-0ubuntu1~16.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"maas","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-cli","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-common","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-dhcp","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-dns","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-proxy","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-rack-controller","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-rack-udeb","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-region-api","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-region-controller","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"maas-region-udeb","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"python3-django-maas","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"python3-maas-client","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"},{"binary_name":"python3-maas-provisioningserver","binary_version":"2.1.3+bzr5573-0ubuntu1~16.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-1428.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}