Rapid7 Velociraptor Notebooks Authenticated Persistent XSS
CVE-2021-3619

3.5LOW

Key Information:

Vendor: Rapid7
Status: Velociraptor
Vendor: CVE Published:; 21 June 2021

What is CVE-2021-3619?

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds.

Affected Version(s)

Velociraptor 0.5.9

References

https://github.com/Velocidex/velociraptor/pull/1118

x_refsource_MISC

https://github.com/Velocidex/velociraptor/releases/tag/v0...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jun 24, 2021
Vulnerability published
Jun 21, 2021

Credit

Mike Cohen of Rapid7 discovered and fixed this vulnerability as part of routine software maintenance.