2 matches found
CVE-2023-0242 Insufficient permission check in the VQL copy() function
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server, including writing arbitrary files. However, lower-privilege users are generally forbidden from writing or modifying files on the server. Th...
PT-2022-22934 · Unknown · Velociraptor
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.5-2
Description: The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to...