Launchpad.net

CVE 2014-1426

A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.

See the CVE page on Mitre.org for more details.