2 matches found
CVE-2023-0290
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...
CVE-2023-0290
Summary of CVE-2023-0290 (Velociraptor) : A vulnerability in the CreateCollection API allows directory traversal via an unsafely sanitized client ID parameter, enabling a collection task to be written for the server when scheduling from the server artifact path “../clients/server.” Exploitation r...