Description

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Remediation

References

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Related Vulnerabilities

CVE-2015-5377 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2023-25805 Vulnerability in npm package versionn

CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-webjar

CVE-2022-24433 Vulnerability in npm package simple-git

CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-legacy-oldcore

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Exploit Third Party Advisory