CVE-2023-5950

Velocidex/velociraptor

on github

Published

November 6, 2023

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

N/A

Description

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).

References

https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:rapid7:velociraptor:0.7.0-3:::::::*	n/a	n/a	0.7.0-3
cpe:2.3:a:rapid7:velociraptor:0.7.0:rc1::::::	n/a	n/a	0.7.0
cpe:2.3:a:rapid7:velociraptor:0.7.0:-::::::	n/a	n/a	0.7.0
cpe:2.3:a:rapid7:velociraptor::::::::	n/a	0.6.9-1	*

External Links

NVD - CVE-2023-5950