CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5950 – Rapid7 Velociraptor Reflected XSS
https://notcve.org/view.php?id=CVE-2023-5950
06 Nov 2023 — Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). Las versiones de Rapid7 Velociraptor anteriores a 0.7.0-4 sufren de una vulnerabilidad de cross site scripti... • https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2226 – Velociraptor crashes while parsing some malformed PE or OLE files.
https://notcve.org/view.php?id=CVE-2023-2226
21 Apr 2023 — Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be p... • https://github.com/Velocidex/velociraptor • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0290 – Rapid7 Velociraptor directory traversal in client ID parameter
https://notcve.org/view.php?id=CVE-2023-0290
18 Jan 2023 — Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server (as a server artifact), but only require privileges to schedule collections on the client. Normally, to schedule an artifact on the server, the COLLECT_SERVER permission is required. This permission is normally only granted to "adm... • https://github.com/Velocidex/velociraptor • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0242 – Insufficient permission check in the VQL copy() function
https://notcve.org/view.php?id=CVE-2023-0242
18 Jan 2023 — Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. The VQL copy() function applies permission checks for reading files but does not check for permission to write files. This allows a low privilege user (usually, users with the Velociraptor "investigator" role) to over... • https://docs.velociraptor.app/announcements/2023-cves/#:~:text=to%20upgrade%20clients.-,CVE%2D2023%2D0242,-Insufficient%20Permission%20Check • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35632 – XSS in User Interface
https://notcve.org/view.php?id=CVE-2022-35632
29 Jul 2022 — The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. La Interfaz Gráfica de Velociraptor contiene una funcionalidad editor suggestion que puede mostrar el campo de descripción de una función VQL, plugin o artefacto. Este campo no estaba apropiadamente saneado y puede conllevar a un ataque de tipo... • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35631 – Filesystem race on temporary files
https://notcve.org/view.php?id=CVE-2022-35631
29 Jul 2022 — On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. En MacOS y Linux, puede ser posible llevar a cabo un ataque de symlink al reemplazar este nombre de archivo predecible con un symlink a otro archivo y hacer que el cliente de Velociraptor sobrescriba el otro archivo. Este problema fue resuelto en Velociraptor versió... • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35630 – Unsafe HTML Injection in Artifact Collection Report
https://notcve.org/view.php?id=CVE-2022-35630
29 Jul 2022 — A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. Un problema de tipo cross-site scripting (XSS) en la generación de un informe de colección hacía posible que clientes maliciosos inyectaran código JavaScript en el archivo HTML estático. Este problema se resolvió en Velociraptor versión 0.6.5-2 • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35629 – Velociraptor Client ID Spoofing
https://notcve.org/view.php?id=CVE-2022-35629
29 Jul 2022 — Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. Debido a un error en el manejo de la comunicación entre el cliente y el servidor, era posible que un cliente, ya registrado con su propio ID de cliente, enviara mensajes al servidor diciendo que provenían de otro ID de cliente. Este ... • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3619 – Rapid7 Velociraptor Notebooks Authenticated Persistent XSS
https://notcve.org/view.php?id=CVE-2021-3619
22 Jul 2021 — Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds. Rapid7 Velociraptor versiones 0.5.9 y anteriores, son vulnerables a un problema de tipo cross-site scripting (XSS) p... • https://github.com/Velocidex/velociraptor/pull/1118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •