Latest rapid7 velociraptor Vulnerabilities

CVE-2023-5950
Rapid7 Velociraptor Reflected XSS
Rapid7 Velociraptor<0.6.9-1
Rapid7 Velociraptor=0.7.0
Rapid7 Velociraptor=0.7.0-rc1
Rapid7 Velociraptor=0.7.0-3
CVE-2023-2226
Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files.  For...
Rapid7 Velociraptor<0.6.8
CVE-2023-0290
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to prov...
Rapid7 Velociraptor<0.6.7-5
CVE-2022-35631
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. Thi...
Rapid7 Velociraptor<0.6.5-2
Apple macOS
Linux Linux kernel
CVE-2022-35629
Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to...
Rapid7 Velociraptor<0.6.5-2
CVE-2022-35632
The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-sit...
Rapid7 Velociraptor<0.6.5-2
CVE-2022-35630
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor...
Rapid7 Velociraptor<0.6.5-2
CVE-2021-3619
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executab...
Rapid7 Velociraptor<0.6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203