Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.
References
Link | Resource |
---|---|
https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/ | Vendor Advisory |
Configurations
History
21 Jul 2023, 20:48
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-290 |
05 Aug 2022, 14:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/ - Vendor Advisory | |
First Time |
Rapid7 velociraptor
Rapid7 |
|
CWE | CWE-287 |
29 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. |
29 Jul 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-29 17:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-35629
Mitre link : CVE-2022-35629
CVE.ORG link : CVE-2022-35629
JSON object : View
Products Affected
rapid7
- velociraptor