CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
57.6%
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is
dynamic code execution in lava_server/lavatable.py. Due to improper input
sanitization, an anonymous user can force the lava-server-gunicorn service
to execute user-provided code on the server.
git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834
git.lavasoftware.org/lava/lava/-/merge_requests/1834
launchpad.net/bugs/cve/CVE-2022-42902
nvd.nist.gov/vuln/detail/CVE-2022-42902
security-tracker.debian.org/tracker/CVE-2022-42902
www.cve.org/CVERecord?id=CVE-2022-42902