CVE-2018-12564

Name of the Vulnerable Software and Affected Versions Linaro LAVA versions prior to 2018.5.post1

Description An issue was discovered that allows a user to forge an HTTP request, forcing the server to return any file readable by lavaserver and valid yaml, due to support for URLs in the submit page.

Recommendations For versions prior to 2018.5.post1, update to version 2018.5.post1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files on the server to minimize the risk of exploitation.