Lucene search

China National Vulnerability DatabaseCNVD-2023-07759

HistoryNov 23, 2022 - 12:00 a.m.

LAVA Denial of Service Vulnerability

2022-11-2300:00:00

China National Vulnerability Database

www.cnvd.org.cn

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

JSON

LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests.A denial of service vulnerability exists in versions of LAVA prior to 2022.11. The vulnerability stems from the fact that a user with valid credentials can submit a well-written XMLRPC request to implement a recursive XML entity extension, which can be exploited by an attacker to cause excessive memory usage and denial of service on the server.

CPENameOperatorVersion
linaro lavalt2022.11

CPE	Name	Operator	Version
	linaro lava	lt	2022.11

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

JSON

Related for CNVD-2023-07759