Lucene search

GitHub Advisory DatabaseGHSA-43FW-536J-W37J

HistoryOct 19, 2023 - 6:30 p.m.

Yamcs API Directory Traversal vulnerability

2023-10-1918:30:30

CWE-22

GitHub Advisory Database

github.com

yamcs

api

directory traversal

storage

vulnerability

http delete

arbitrary files

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.002

Percentile

52.3%

JSON

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

Affected configurations

Vulners

Node

org.yamcsyamcsRange<5.8.7

VendorProductVersionCPE
org.yamcsyamcs*cpe:2.3:a:org.yamcs:yamcs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.yamcs	yamcs	*	cpe:2.3:a:org.yamcs:yamcs::::::::

References

github.com/advisories/GHSA-43fw-536j-w37j

github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

nvd.nist.gov/vuln/detail/CVE-2023-45278

www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.002

Percentile

52.3%

JSON

Related for GHSA-43FW-536J-W37J