CVE-2022-35631

Published: Jul 29, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.

Affected (1)

Products: Rapid7: Velociraptor

Rapid7

1 product

Velociraptor

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Rapid7 Velociraptor	Before 0.6.5-2

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions

Related CWEs

CWE-377

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/

Source: cve@rapid7.com

MitigationPatchVendor Advisory

https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.