CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests. A denial of service vulnerability exists in versions of LAVA prior to 2022.11. A user with valid credentials can submit a crafted XMLRPC request that triggers recursive XML entity expansion, which an attacker can exploit to cause excessive memory usage and denial of service on the server.

CPE | Name | Operator | Version |
---|---|---|---|
linaro lava | lt | 2022.11 |