Description
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
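The containment check that this class of bug lacks, as an added example (not Yamcs code and not the project's actual fix): a client-supplied object name is resolved against the bucket root and rejected if the result leaves it. The class name `BucketPathGuard`, the temporary directory and the sample object names are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

// Added example: hypothetical helper, not part of the Yamcs code base.
public class BucketPathGuard {
    private final Path bucketRoot;

    public BucketPathGuard(Path bucketRoot) throws IOException {
        Files.createDirectories(bucketRoot);
        // Canonicalise the root once so later comparisons use the real location.
        this.bucketRoot = bucketRoot.toRealPath();
    }

    /** Maps an object name to a path inside the bucket, or throws if it escapes. */
    public Path resolve(String objectName) throws IOException {
        if (objectName == null || objectName.isEmpty() || objectName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid object name");
        }
        // Path.resolve() returns an absolute argument unchanged, so the
        // containment test must run on the normalised result, not the input.
        Path candidate = bucketRoot.resolve(objectName).normalize();
        // Path.startsWith() compares whole path elements, so a sibling such as
        // "<root>-other" does not pass the way a string prefix test would let it.
        if (candidate.equals(bucketRoot) || !candidate.startsWith(bucketRoot)) {
            throw new SecurityException("object name escapes bucket");
        }
        // The lexical check does not see symlinks: re-check the real path if it exists.
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)
                && !candidate.toRealPath().startsWith(bucketRoot)) {
            throw new SecurityException("object resolves outside bucket");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("bucket-demo"); // constructed sample bucket
        Files.writeString(root.resolve("report.txt"), "ok");
        BucketPathGuard guard = new BucketPathGuard(root);
        // Constructed sample names: two legitimate, three that leave the root.
        String[] names = {"report.txt", "sub/../report.txt",
                          "../../etc/passwd", "/etc/passwd", "a/../../x"};
        for (String name : names) {
            try {
                System.out.println("ALLOW " + name + " -> " + guard.resolve(name));
            } catch (SecurityException e) {
                System.out.println("DENY  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```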
Remediation
References
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies
Related Vulnerabilities
CVE-2022-31170 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts
CVE-2021-28092 Vulnerability in maven package org.webjars:is-svg
CVE-2022-34114 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2014-2068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-16530 Vulnerability in maven package org.sonatype.nexus:nexus-core