CVE-2022-45132

{"id": "CVE-2022-45132", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-11-18T23:15:29.637", "references": [{"url": "https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/", "source": "cve@mitre.org"}, {"url": "https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server."}, {"lang": "es", "value": "En Linaro Automated Validation Architecture (LAVA) anterior a 2022.11.1, la ejecuci\u00f3n remota de c\u00f3digo se puede lograr a trav\u00e9s de la plantilla Jinja2 enviada por el usuario. El endpoint de la API REST para validar archivos de configuraci\u00f3n de dispositivos en el servidor lava carga la entrada como una plantilla Jinja2 de una manera que puede usarse para activar la ejecuci\u00f3n remota de c\u00f3digo en el servidor LAVA."}], "lastModified": "2024-11-21T07:28:49.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linaro:lava:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA62C7AE-55F3-4880-8286-3737E25742EB", "versionEndExcluding": "2022.11.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}