CVE-2023-45278

CRITICAL

Spaceapplications Yamcs < 5.8.7 - Path Traversal

Title source: rule

Description

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

Exploits (1)

nomisec

by shoucheng3 · poc

https://github.com/shoucheng3/yamcs__yamcs_CVE-2023-45278_5-8-6

View on nomisec

References (2)

[Patch] https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

[Exploit, Third Party Advisory] https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Scores

CVSS v3 9.1

EPSS 0.0256

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-22

Status published

Affected Products (2)

spaceapplications/yamcs

org.yamcs/yamcs < 5.8.7Maven

Timeline

Published Oct 19, 2023

Tracked Since Feb 18, 2026