Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
References
Link | Resource |
---|---|
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 | Patch |
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | Exploit Third Party Advisory |
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 | Patch |
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 17:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45277
Mitre link : CVE-2023-45277
CVE.ORG link : CVE-2023-45277
JSON object : View
Products Affected
spaceapplications
- yamcs
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')