3 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Filestore API endpoints. An attacker can access files from other organizations without explicit permissions by issuing a single authenticated HTTP GET request while holding only minimal read privileg...
CVE-2026-6863 HTTP Filestore Endpoints Misapply Permissions Across Organizations
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...
CVE-2026-6863
CVE-2026-6863 affects Velociraptor versions prior to 0.76.4, where the HTTP API permits a cross-organization authorization bypass. A user with only the reader role in the root organization (lowest authenticated role with READ_RESULTS) can issue a single authenticated HTTP GET that can read any fi...