CVE-2022-35629

Summary

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.

Affected Software

VendorProductVersion RangeStatus
Rapid7Velociraptor0.6.5-2 < 0.6.5-2affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References