CPE Details
Rapid7 Velociraptor 0.6.8 Release Candidate 3
0.6.8
2023-11-14
15h00 +00:00
15h00 +00:00
2023-11-14
15h00 +00:00
15h00 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:rapid7:velociraptor:0.6.8:rc3:*:*:*:*:*:*
Informations
Vendor
rapid7Product
velociraptorVersion
0.6.8Update
rc3Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the "Investigator" role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the "Investigator' role). | 5.5 |
Medium |
||
| Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). | 8.6 |
High |
