The following CVEs have been noted.

Please upgrade to the current release.

    CVE-2024-10526 Local Privilege Escalation In Windows Velociraptor Service

    The Velociraptor Windows MSI installer creates the installation directory with WRITE_DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.

    CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

    Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross-site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This issue affects Velociraptor: before 0.7.0-4. Patches are also available for version 0.6.9 (0.6.9-1).

    CVE-2023-2226 Velociraptor crashes while parsing some malformed PE or OLE files

    Insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files. This issue affects Velociraptor: before 0.6.8.

    CVE-2023-0242 Insufficient Permission Check In The VQL Copy() Function

    Improper Privilege Management vulnerability in Rapid7 Velociraptor in the copy() function. This issue affects Velociraptor: before 0.6.7-5.

    CVE-2023-0290 Directory Traversal In Client Id Parameter

    Velociraptor did not properly sanitize the client id parameter to the CreateCollection API, allowing a directory traversal in the location where the collection task could be written. This issue affects Velociraptor: before 0.6.7-5.

Please consider subscribing to our Security Advisories RSS feed to receive timely notifications.