Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Spaceapplications
  • Yamcs

Configuration 1 [-]

cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*
References
Link Resource
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 Patch
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-19T00:00:00

Updated: 2023-10-19T16:33:08.513646

Reserved: 2023-10-06T00:00:00

Link: CVE-2023-45278

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-10-19T17:15:10.200

Modified: 2023-10-25T14:48:08.543

Link: CVE-2023-45278

JSON object: View

cve-icon Redhat Information

No data.

CWE