CVE-2023-45277

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-45277

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45277.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45277

Aliases

GHSA-w4m2-qmh3-2g8f

Published

2023-10-19T17:15:10Z

Modified

2024-05-14T13:02:16.261239Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

References

Affected packages

Git / github.com/yamcs/yamcs

Affected ranges

Type: GIT
Repo: https://github.com/yamcs/yamcs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

9443a67d2aeda20fb73f68c5d571b515d68c05e4

Affected versions

Other

before-removing-cfdp-half-implemented-features

v0.*

v0.26.0

v0.26.1

v0.26.3

v0.26.4

v0.27.1

v0.27.2

v0.27.3

v0.28.0

v0.28.0-20150811

v0.28.0-20150817

v0.28.0-20150820

v0.28.0-20150824

v0.28.0-20150825

v0.28.0-20150826

v0.28.0-20150827

v0.28.0-20150828

v0.28.0-20150901

v0.28.0-20150902

v0.28.0-20150902-2

v0.28.0-20150903

v0.29.0

v0.29.1

v0.29.1-20151214

v0.29.1-20160119

v0.29.1-20160127

v0.29.2

v0.29.3

v0.29.3-20160608

v0.29.4

yamcs-0.*

yamcs-0.30.0

yamcs-3.*

yamcs-3.0.0

yamcs-3.1.0

yamcs-3.1.1

yamcs-3.1.2

yamcs-3.2.0

yamcs-3.2.1

yamcs-3.2.2

yamcs-3.3.0

yamcs-3.4.0

yamcs-4.*

yamcs-4.0.0

yamcs-4.0.1

yamcs-4.1.1

yamcs-4.1.2

yamcs-4.10.0

yamcs-4.10.1

yamcs-4.10.2

yamcs-4.10.3

yamcs-4.10.4

yamcs-4.10.5

yamcs-4.10.6

yamcs-4.10.7

yamcs-4.10.8

yamcs-4.10.9

yamcs-4.2.0

yamcs-4.2.1

yamcs-4.2.2

yamcs-4.3.0

yamcs-4.3.1

yamcs-4.4.0

yamcs-4.4.1

yamcs-4.4.2

yamcs-4.5.0

yamcs-4.6.0

yamcs-4.6.1

yamcs-4.6.2

yamcs-4.6.3

yamcs-4.7

yamcs-4.7.1

yamcs-4.7.2

yamcs-4.7.3

yamcs-4.8.0

yamcs-4.8.1

yamcs-4.9.0

yamcs-4.9.1

yamcs-4.9.2

yamcs-4.9.3

yamcs-4.9.4

yamcs-4.9.5

yamcs-5.*

yamcs-5.0.0

yamcs-5.0.1

yamcs-5.1.0

yamcs-5.1.1

yamcs-5.1.2

yamcs-5.1.3

yamcs-5.2.0

yamcs-5.3.0

yamcs-5.3.1

yamcs-5.3.2

yamcs-5.3.3

yamcs-5.3.4

yamcs-5.3.5

yamcs-5.4.0

yamcs-5.4.1

yamcs-5.4.2

yamcs-5.4.3

yamcs-5.5.0

yamcs-5.5.1

yamcs-5.5.2

yamcs-5.5.3

yamcs-5.5.4

yamcs-5.5.5

yamcs-5.5.6

yamcs-5.5.7

yamcs-5.6.0

yamcs-5.6.1

yamcs-5.6.2

yamcs-5.7.0

yamcs-5.7.1

yamcs-5.7.10

yamcs-5.7.2

yamcs-5.7.3

yamcs-5.7.4

yamcs-5.7.5

yamcs-5.7.6

yamcs-5.7.7

yamcs-5.7.8

yamcs-5.7.9

yamcs-5.8.0

yamcs-5.8.1

yamcs-5.8.2

yamcs-5.8.3

yamcs-5.8.4

yamcs-5.8.5

yamcs-5.8.6