Lucene search

GoogleOSV:CVE-2023-5950

HistoryNov 06, 2023 - 3:15 p.m.

CVE-2023-5950

2023-11-0615:15:14

Google

osv.dev

rapid7 velociraptor

cross site scripting

patch

vulnerability

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user’s web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).

CPENameOperatorVersion
velociraptoreq0.3.6
velociraptoreq0.3.5
velociraptoreq0.4.3
velociraptoreq0.4.7
velociraptoreq0.5.1
velociraptoreq0.2.2
velociraptoreq0.3.1
velociraptoreq0.5.5
velociraptoreq0.5.6
velociraptoreq0.6.1-rc1

Name	Operator	Version
velociraptor	eq	0.3.6
velociraptor	eq	0.3.5
velociraptor	eq	0.4.3
velociraptor	eq	0.4.7
velociraptor	eq	0.5.1
velociraptor	eq	0.2.2
velociraptor	eq	0.3.1
velociraptor	eq	0.5.5
velociraptor	eq	0.5.6
velociraptor	eq	0.6.1-rc1

Rows per page:

1-10 of 491

References

github.com/Velocidex/velociraptor/releases/tag/v0.7.0

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

Related for OSV:CVE-2023-5950