CVE-2022-35629
First published: Fri Jul 29 2022(Updated: )
Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.
Credit: cve@rapid7.con cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 Velociraptor | <0.6.5-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-35629?
CVE-2022-35629 is a vulnerability in the handling of communication between the client and server in Velociraptor.
What is the severity of CVE-2022-35629?
CVE-2022-35629 has a severity value of 5.4, which is considered medium.
How does CVE-2022-35629 affect Velociraptor?
CVE-2022-35629 affects Velociraptor versions up to and including 0.6.5-2.
How was CVE-2022-35629 resolved?
CVE-2022-35629 was resolved in Velociraptor 0.6.5-2.
Is there any additional information available about CVE-2022-35629?
Yes, you can find additional information about CVE-2022-35629 in the reference provided by Rapid7.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/rapid7
- canonical/rapid7 velociraptor