Description

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Remediation

References

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Related Vulnerabilities

CVE-2022-0776 Vulnerability in npm package reveal.js

CVE-2020-8823 Vulnerability in npm package sockjs

CVE-2023-48711 Vulnerability in maven package org.webjars.npm:google-translate-api-browser

CVE-2023-26120 Vulnerability in maven package com.xuxueli:xxl-job

CVE-2012-6612 Vulnerability in maven package org.apache.solr:solr-core

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Exploit Third Party Advisory