Miggo Logo
Miggo Vulnerability Database
CVE-2023-45277

CVE-2023-45277: Yamcs Path Traversal vulnerability

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-45277
GHSA ID
GHSA-w4m2-qmh3-2g8f
EPSS Score
0.71898%
CWE
CWE-22
Published
10/19/2023
Updated
11/12/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.yamcs:yamcsmaven< 5.8.75.8.7

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability exists in the storage API endpoint (/api/storage/buckets/*/objects) where user input directly influences filesystem paths. The LinkedIn PoC demonstrates path traversal via GET requests, and the advisory mentions the fix involved implementing getCanonicalPath() to resolve paths properly. This indicates the original implementation lacked proper path normalization/sanitization in the GET request handler for storage objects. While exact code isn't available, the pattern matches CWE-22 vulnerabilities where user input is concatenated to base paths without validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Y*m*s *.*.* is vuln*r**l* to *ir**tory tr*v*rs*l (issu* * o* *). T** vuln*r**ility is in t** stor*** *un*tion*lity o* t** *PI *n* *llows on* to *s**p* t** **s* *ir**tory o* t** *u*k*ts, *r**ly n*vi**t* syst*m *ir**tori*s, *n* r*** *r*itr*ry *il*s.

Reasoning

T** vuln*r**ility *xists in t** stor*** *PI *n*point (/*pi/stor***/*u*k*ts/*/o*j**ts) w**r* us*r input *ir**tly in*lu*n**s *il*syst*m p*t*s. T** Link**In Po* **monstr*t*s p*t* tr*v*rs*l vi* **T r*qu*sts, *n* t** **visory m*ntions t** *ix involv** imp
CVE-2023-45277: Yamcs API Path Trav File Read | Miggo