CVE-2023-45277

HIGH

Spaceapplications Yamcs < 5.8.7 - Path Traversal

Title source: rule

Description

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Exploits (1)

nomisec STUB

by shoucheng3 · poc

https://github.com/shoucheng3/yamcs__yamcs_CVE-2023-45277_5-8-6

View Code ZIP pw:eip

References (2)

[Patch] https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

[Exploit, Third Party Advisory] https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Scores

CVSS v3 7.5

EPSS 0.0078

EPSS Percentile 73.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

org.yamcs/yamcs 0 - 5.8.7Maven

spaceapplications/yamcs 5.8.6

Published Oct 19, 2023

Tracked Since Feb 18, 2026