Description

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Remediation

References

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Related Vulnerabilities

CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2021-21346 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2022-22984 Vulnerability in npm package snyk-sbt-plugin

CVE-2022-35204 Vulnerability in maven package org.webjars.npm:vite

CVE-2021-23337 Vulnerability in npm package lodash

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Exploit Third Party Advisory