Privilege escalation in Rapid7 Velociraptor
CVE-2023-0242
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server, including writing arbitrary files. However, lower-privilege users are generally f…
Vulnerability class: Privilege Escalation
EPSS: 0.003 (55.7th percentile)
Affected products
- Rapid7 Velociraptor — versions 0
Weakness classification (CWE)
References
- docs.velociraptor.app/announcements/2023-cves/ (release-notes)