CVE-2023-45277 org.yamcs:yamcs

Package

Manager: maven
Name: org.yamcs:yamcs
Vulnerable Version: >=0 <5.8.7

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00954 (percentile: 0.7552)

Details

Yamcs Path Traversal vulnerability

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Metadata

Created: 2023-10-19T18:30:30Z
Modified: 2023-10-25T16:57:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w4m2-qmh3-2g8f/GHSA-w4m2-qmh3-2g8f.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-w4m2-qmh3-2g8f
Finding: F063
Auto approve: 1