Description
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
Remediation
References
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies
Related Vulnerabilities
CVE-2015-5377 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2023-25805 Vulnerability in npm package versionn
CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-webjar
CVE-2022-24433 Vulnerability in npm package simple-git
CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-legacy-oldcore