Lucene search
Veracode Vulnerability DatabaseVERACODE:38043HistoryNov 16, 2022 - 8:34 p.m.
Authentication Bypass
2022-11-1620:34:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
lava_server
authentication
bypass
vulnerability
input sanitization
anonymous user
code execution
server
EPSS
0.002
Percentile
57.6%
lava is vulnerable to authentication bypass. The vulnerability exists in lava_server/lavatable.py due to improper input sanitization which allows an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
References
git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834
git.lavasoftware.org/lava/lava/-/merge_requests/1834
lists.debian.org/debian-lts-announce/2022/11/msg00019.html
security-tracker.debian.org/tracker/CVE-2022-42902
www.debian.org/security/2022/dsa-5260
Related
osv
osv
lava - security update
2022-10-23 00:00:00
lava - security update
2022-11-17 00:00:00
nessus
nessus
Debian DSA-5260-1 : lava - security update
2022-10-23 00:00:00
Debian DLA-3192-1 : lava - LTS security update
2022-11-17 00:00:00
debiancve
debiancve
CVE-2022-42902
2022-10-13 03:15:09
prion
prion
Input validation
2022-10-13 03:15:00
openvas
openvas
Debian: Security Advisory (DLA-3192-1)
2022-11-18 00:00:00
Debian: Security Advisory (DSA-5260-1)
2022-10-25 00:00:00
nvd
nvd
CVE-2022-42902
2022-10-13 03:15:09
debian
debian
[SECURITY] [DSA 5260-1] lava security update
2022-10-23 18:38:14
[SECURITY] [DLA 3192-1] lava security update
2022-11-17 10:19:09
cvelist
cvelist
CVE-2022-42902
2022-10-13 00:00:00
ubuntucve
ubuntucve
CVE-2022-42902
2022-10-13 00:00:00
cve
cve
CVE-2022-42902
2022-10-13 03:15:09