An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-19T05:00:00

Updated: 2024-08-05T08:38:06.314Z

Reserved: 2018-06-19T00:00:00

Link: CVE-2018-12564

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-19T05:29:00.543

Modified: 2024-11-21T03:45:26.997

Link: CVE-2018-12564

cve-icon Redhat

No data.