PT-2023-29480 · Yamcs · Yamcs

Andy Olchawa

Publicado

2023-10-19

Atualizado

2023-10-25

CVE-2023-45277

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Yamcs version 5.8.6

Description The issue is related to directory traversal in the storage functionality of the API, allowing an attacker to escape the base directory of the buckets, navigate system directories, and read arbitrary files.

Recommendations For Yamcs version 5.8.6, as a temporary workaround, consider restricting access to the storage functionality of the API until a patch is available. Avoid using the API to navigate system directories or read arbitrary files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-45277

GHSA-W4M2-QMH3-2G8F

Produtos afetados

Yamcs

PT-2023-29480 · Yamcs · Yamcs

CVE-2023-45277

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10