An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-19T05:00:00
Updated: 2024-08-05T08:38:06.314Z
Reserved: 2018-06-19T00:00:00
Link: CVE-2018-12564
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-19T05:29:00.543
Modified: 2024-11-21T03:45:26.997
Link: CVE-2018-12564
Redhat
No data.