CVE-2023-45278: Path Traversal
First published: Thu Oct 19 2023(Updated: )
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.yamcs:yamcs | <5.8.7 | 5.8.7 |
| Spaceapplications Yacms | =5.8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Yamcs vulnerability?
The vulnerability ID for this Yamcs vulnerability is CVE-2023-45278.
What is the description of the Yamcs vulnerability?
The Yamcs vulnerability is a directory traversal vulnerability that allows attackers to delete arbitrary files via a crafted HTTP DELETE request.
What software versions are affected by the Yamcs vulnerability?
Yamcs versions up to and including 5.8.6 are affected by the vulnerability.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by sending crafted HTTP DELETE requests to the API's storage functionality in Yamcs 5.8.6, allowing them to delete arbitrary files.
How can I remediate this Yamcs vulnerability?
To remediate this Yamcs vulnerability, update to version 5.8.7 or later of the yamcs package.
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-43fw-536j-w37j
- alias/CVE-2023-45278
- collector/github-advisory
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/event
- agent/author
- agent/description
- package-manager/maven
- vendor/spaceapplications
- canonical/spaceapplications yacms
- version/spaceapplications yacms/5.8.6