CVE-2023-45277: Yamcs Path Traversal vulnerability

October 19, 2023 (updated October 25, 2023)

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

References

github.com/advisories/GHSA-w4m2-qmh3-2g8f
github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
nvd.nist.gov/vuln/detail/CVE-2023-45277
www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Code Behaviors & Features

Detect and mitigate CVE-2023-45277 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →