Lava
CVE-2022-42902
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
AnalysisAI
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. Affected products include: Linaro Lava, Debian Debian Linux. Version information: before 2022.10.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-
An issue was discovered in Linaro LAVA before 2018.5.post1. Rated high severity (CVSS 8.8), this vulnerability is remote
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRP
An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remo
An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remo
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today