CVE Vulnerabilities

CVE-2022-35629

Improper Authentication

Published: Jul 29, 2022 | Modified: Nov 21, 2024
CVSS 3.x
5.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Velociraptor Rapid7 * 0.6.5-2 (excluding)

Potential Mitigations

References