QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12564

Published: Jun 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180628 [SECURITY] [DLA 1404-1] lava-server security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.