Debian DLA-3276-1 : lava – LTS security update
Description

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3276 advisory.

– In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. (CVE-2022-44641)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

CVSS3: 6.5 Medium

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
