CVE-2021-3619

Velocidex/velociraptor

on github

Published

July 22, 2021

Severity

CVSS v3:

4.8 MEDIUM

CVSS v2:

3.5 LOW

Description

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds.

References

https://github.com/Velocidex/velociraptor/pull/1118
https://github.com/Velocidex/velociraptor/releases/tag/v0.6.0

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:rapid7:velociraptor::::::::	n/a	0.6.0	*

External Links

NVD - CVE-2021-3619