CVE-2022-35631

Summary

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.

Affected Software

VendorProductVersion RangeStatus
Rapid7Velociraptor0.6.5-2 < 0.6.5-2affected

Weaknesses

  • CWE-377: CWE-377 Insecure Temporary File

ADP Enrichment

CVE Program Container

Additional References

References