CVE-2023-45278

CRITICAL

Spaceapplications Yamcs < 5.8.7 - Path Traversal

Title source: rule

Description

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

Exploits (1)

nomisec

by shoucheng3 · poc

https://github.com/shoucheng3/yamcs__yamcs_CVE-2023-45278_5-8-6

View on nomisec

References (2)

[Patch] https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

[Exploit, Third Party Advisory] https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Scores

CVSS v3 9.1

EPSS 0.0296

EPSS Percentile 86.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-22

Status published

Products (2)

org.yamcs/yamcs 0 - 5.8.7Maven

spaceapplications/yamcs 5.8.6

Published Oct 19, 2023

Tracked Since Feb 18, 2026