UBUNTU-CVE-2024-6107

Source
https://ubuntu.com/security/CVE-2024-6107
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6107.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-6107
Upstream
Published
2025-07-23T00:00:00Z
Modified
2025-10-24T05:06:45Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.

References

Affected packages

Ubuntu:16.04:LTS / maas

Package

Name
maas
Purl
pkg:deb/ubuntu/maas@2.3.5-6511-gf466fdb-0ubuntu1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.8.3+bzr4053-0ubuntu1
1.9.0+bzr4533-0ubuntu1
1.10.0+bzr4578-0ubuntu2
2.*
2.0.0~alpha1+bzr4736-0ubuntu1
2.0.0~alpha2+bzr4776-0ubuntu1
2.0.0~alpha3+bzr4810-0ubuntu1
2.0.0~alpha4+bzr4843-0ubuntu1
2.0.0~beta1+bzr4873-0ubuntu1
2.0.0~beta1+bzr4873-0ubuntu2
2.0.0~beta1+bzr4873-0ubuntu3
2.0.0~beta2+bzr4920-0ubuntu1
2.0.0~beta2+bzr4920-0ubuntu2
2.0.0~beta3+bzr4941-0ubuntu1
2.0.0~rc2+bzr5156-0ubuntu1~16.04.1
2.0.0~rc2+bzr5156-0ubuntu1~16.04.2
2.0.0+bzr5189-0ubuntu1~16.04.1
2.1.1+bzr5544-0ubuntu1~16.04.1
2.1.3+bzr5573-0ubuntu1~16.04.1
2.1.5+bzr5596-0ubuntu1~16.04.1
2.2.0+bzr6054-0ubuntu2~16.04.1
2.2.2-6099-g8751f91-0ubuntu1~16.04.1
2.3.0-6434-gd354690-0ubuntu1~16.04.1
2.3.5-6511-gf466fdb-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-cli"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-common"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-dhcp"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-dns"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-proxy"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-rack-controller"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-region-api"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "maas-region-controller"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "python3-django-maas"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "python3-maas-client"
        },
        {
            "binary_version": "2.3.5-6511-gf466fdb-0ubuntu1",
            "binary_name": "python3-maas-provisioningserver"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6107.json"

Ubuntu:18.04:LTS / maas

Package

Name
maas
Purl
pkg:deb/ubuntu/maas@2.4.2-7034-g2f5deb8b8-0ubuntu1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.3.0~beta2-6327-gdd05aa2-0ubuntu1
2.3.0-6434-gd354690-0ubuntu1
2.4.0~alpha2-6717-gffaddd526-0ubuntu1~18.04.1
2.4.0~beta1-6799-g391e5f16d-0ubuntu1
2.4.0~beta2-6865-gec43e47e6-0ubuntu1
2.4.0-6981-g011e51b7a-0ubuntu1~18.04.1
2.4.2-7034-g2f5deb8b8-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-cli"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-common"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-dhcp"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-dns"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-proxy"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-rack-controller"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-region-api"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "maas-region-controller"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "python3-django-maas"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "python3-maas-client"
        },
        {
            "binary_version": "2.4.2-7034-g2f5deb8b8-0ubuntu1",
            "binary_name": "python3-maas-provisioningserver"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6107.json"

Ubuntu:20.04:LTS / maas

Package

Name
maas
Purl
pkg:deb/ubuntu/maas@1:0.7?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.6.0-7802-g59416a869-0ubuntu1
1:0.*
1:0.1
1:0.2
1:0.3
1:0.4
1:0.5
1:0.6
1:0.7

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.7",
            "binary_name": "maas"
        },
        {
            "binary_version": "1:0.7",
            "binary_name": "maas-rack-controller"
        },
        {
            "binary_version": "1:0.7",
            "binary_name": "maas-region-api"
        },
        {
            "binary_version": "1:0.7",
            "binary_name": "maas-region-controller"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6107.json"