CVE-2021-3619
LOW 3.5
Description
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor are nearly always reserved for trusted and verified users with IT security backgrounds.
CVE Details
CVSS v3.1 Score: 3.5
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Published: 7/22/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
rapid7:velociraptor
Weaknesses (CWE)
CWE-79
References
https://github.com/Velocidex/velociraptor/pull/1118 (cve@rapid7.com)
https://github.com/Velocidex/velociraptor/releases/tag/v0.6.0 (cve@rapid7.com)
https://github.com/Velocidex/velociraptor/pull/1118 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Velocidex/velociraptor/releases/tag/v0.6.0 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.