Lucene search

GitHub Advisory DatabaseGHSA-W4M2-QMH3-2G8F

HistoryOct 19, 2023 - 6:30 p.m.

Yamcs Path Traversal vulnerability

2023-10-1918:30:30

CWE-22

GitHub Advisory Database

github.com

yamcs

path traversal

vulnerability

storage

api

directory traversal

system directories

arbitrary files

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.8%

JSON

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Affected configurations

Vulners

Node

org.yamcsyamcsRange<5.8.7

VendorProductVersionCPE
org.yamcsyamcs*cpe:2.3:a:org.yamcs:yamcs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.yamcs	yamcs	*	cpe:2.3:a:org.yamcs:yamcs::::::::

References

github.com/advisories/GHSA-w4m2-qmh3-2g8f

github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

nvd.nist.gov/vuln/detail/CVE-2023-45277

www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.8%

JSON

Related for GHSA-W4M2-QMH3-2G8F