LAVA Denial of Service Vulnerability
Description
LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests. A denial of service vulnerability exists in versions of LAVA prior to 2022.11. A user with valid credentials can submit a crafted XMLRPC request that triggers recursive XML entity expansion, which an attacker can exploit to cause excessive memory usage and denial of service on the server.
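A common server-side mitigation for this class of bug is to refuse any XML-RPC body that carries a DOCTYPE, since entities can only be declared inside one. The following is an added example and not LAVA's code or its fix; the names `safe_loads` and `ForbiddenXML`, the `example.echo` method and the sample bodies are constructed for illustration.

```python
import xmlrpc.client
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when a request body is malformed or declares a DTD."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # Entities are declared inside the DTD, so refusing the DOCTYPE
    # stops the parser before any entity can be defined or expanded.
    raise ForbiddenXML("DOCTYPE declaration not allowed in XML-RPC request")


def safe_loads(body: bytes):
    """Return (params, method) only for bodies without a DTD."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    try:
        # Pre-scan pass: the handler raises as soon as a DOCTYPE is seen.
        parser.Parse(body, True)
    except expat.ExpatError as exc:
        raise ForbiddenXML("malformed XML: %s" % exc) from exc
    # Only bodies that passed the pre-scan reach the real unmarshaller.
    return xmlrpc.client.loads(body)


# Constructed sample: an ordinary request with no DTD.
BENIGN = (
    b"<?xml version='1.0'?><methodCall>"
    b"<methodName>example.echo</methodName>"
    b"<params><param><value><string>hi</string></value></param></params>"
    b"</methodCall>"
)

# Constructed sample: one harmless entity, enough to trip the check.
WITH_DTD = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE methodCall [<!ENTITY a 'x'>]><methodCall>"
    b"<methodName>example.echo</methodName>"
    b"<params><param><value><string>&a;</string></value></param></params>"
    b"</methodCall>"
)

if __name__ == "__main__":
    print(safe_loads(BENIGN))
    try:
        safe_loads(WITH_DTD)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```
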