Rapid7 Velociraptor Reflected XSS
CVE-2023-5950

8.6HIGH

Key Information:

Vendor: Rapid7
Status: Velociraptor
Vendor: CVE Published:; 6 November 2023

What is CVE-2023-5950?

Rapid7 Velociraptor is affected by a reflected cross-site scripting vulnerability that permits attackers to inject malicious JavaScript into error messages. This can result in the unauthorized execution of scripts within a user's web browser, leading to potential security breaches. Users are advised to upgrade to version 0.7.0-4 or apply the available patches for version 0.6.9 (0.6.9-1) to mitigate this risk.

Affected Version(s)

Velociraptor 0 < 0.7.0-4

References

https://github.com/Velocidex/velociraptor/releases/tag/v0...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2023
Vulnerability Reserved
Nov 3, 2023

Credit

Mathias Kujala