Description
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
Remediation
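The class of bug described above is prevented by checking that every requested object name still resolves inside the bucket's base directory. The following is an added example of such a containment check, not Yamcs code and not the project's actual fix; the class `BucketPathCheck`, the method `resolveInBucket` and the sample object names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Added example with hypothetical names; not taken from the Yamcs code base. */
public class BucketPathCheck {

    /** Resolves objectName under bucketRoot and rejects anything that lands outside it. */
    static Path resolveInBucket(Path bucketRoot, String objectName) throws IOException {
        if (objectName.isEmpty() || objectName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid object name");
        }
        Path root = bucketRoot.toRealPath();                   // canonical base, symlinks resolved
        Path candidate = root.resolve(objectName).normalize(); // collapses "." and ".." segments
        // startsWith compares whole path components, so "/data/bucket-evil"
        // is not treated as being inside "/data/bucket".
        if (candidate.equals(root) || !candidate.startsWith(root)) {
            throw new SecurityException("object name escapes bucket: " + objectName);
        }
        // If the target already exists, resolve symlinks and check again, so a
        // link stored inside the bucket cannot point at a file outside it.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("symlink escapes bucket: " + objectName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("bucket");       // constructed sample bucket
        Files.writeString(root.resolve("report.txt"), "ok");
        // Constructed object names: two legitimate, two that leave the base directory.
        String[] names = { "report.txt", "sub/../report.txt", "../../etc/passwd", "/etc/passwd" };
        for (String name : names) {
            try {
                System.out.println("allowed  " + name + " -> " + resolveInBucket(root, name));
            } catch (SecurityException e) {
                System.out.println("rejected " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The absolute name is rejected because `Path.resolve` returns an absolute argument unchanged, which is why the `startsWith` check has to run on the resolved path rather than on the raw string.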
References
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies