Path Traversal in Rapid7 Velociraptor
CVE-2023-0290
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing directory traversal in the location where the collection task could be written. It was possible to provide a client ID of "../clients/server"…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.002 (44.3th percentile)
Affected products
- Rapid7 Velociraptor — versions 0