CVE-2023-45277

HIGH

Spaceapplications Yamcs < 5.8.7 - Path Traversal

Title source: rule

Description

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Exploits (1)

nomisec STUB

by shoucheng3 · poc

https://github.com/shoucheng3/yamcs__yamcs_CVE-2023-45277_5-8-6

View Code ZIP pw:eip

References (2)

[Patch] https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

[Exploit, Third Party Advisory] https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Scores

CVSS v3 7.5

EPSS 0.0067

EPSS Percentile 71.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (2)

spaceapplications/yamcs

org.yamcs/yamcs < 5.8.7Maven

Timeline

Published Oct 19, 2023

Tracked Since Feb 18, 2026