CVE-2024-6107 Vulnerability Analysis & Exploit Details

CVE-2024-6107 Vulnerability Summary

CVE-2024-6107: Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.

CVE-2024-6107 References

External References

• https://bugs.launchpad.net/maas/+bug/2069094

CWE Common Weakness Enumeration

NVD-CWE-noinfo

Vulnerable Configurations

• cpe:2.3:a:canonical:metal_as_a_service:3.1.0:-:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.1.0:-:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta1:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta1:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta2:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta2:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta3:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta3:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta4:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta4:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta5:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.1.0:beta5:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:-:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:-:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta1:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta1:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta2:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta2:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta3:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta3:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta4:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta4:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta5:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta5:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta6:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.0:beta6:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.4:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.5:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.6:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.7:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.7:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.8:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.9:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.9:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.2.10:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.2.10:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.0:-:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.0:-:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.0:rc3:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.0:beta1:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.0:beta1:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.0:beta2:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.0:beta2:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.0:beta3:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.0:beta3:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.3:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.4:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.5:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.5:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.6:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.6:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.3.7:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.0:-:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.0:-:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.0:beta1:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.0:beta1:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.0:beta2:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.0:beta2:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.0:beta3:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.0:beta3:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:metal_as_a_service:3.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:canonical:metal_as_a_service:3.5.0:*:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-10073 – A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipula...
• CVE-2025-10072 – A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturma...
• CVE-2025-10071 – A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/...
• CVE-2025-10070 – A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes im...
• CVE-2025-48042 – Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerabilit...