CVE-2022-35631
- EPSS 0.11%
- Published 29.07.2022 17:15:09
- Last modified 21.11.2024 07:11:24
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.
CVE-2022-35632
- EPSS 0.5%
- Published 29.07.2022 17:15:09
- Last modified 21.11.2024 07:11:24
The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velo...
CVE-2021-3619
- EPSS 0.46%
- Published 22.07.2021 19:15:09
- Last modified 21.11.2024 06:21:59
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixe...