Lucene search
K

8 matches found

Snyk
Snyk
added 2026/05/06 4:12 a.m.9 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetUserRoles API endpoint. An attacker can access ACL policies for any user across all organizations by supplying specific Name and Org parameters in a network request. Remediatio...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 3:33 a.m.6 views

GHSA-3C93-G9G6-P5J4 Velocidex Velociraptor has an authorization bypass vulnerability

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.00255EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/06 3:15 a.m.7 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 2:15 a.m.8 views

CVE-2026-7573 GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 2:15 a.m.8 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 2:15 a.m.10 views

EUVD-2026-27517

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 2:15 a.m.24 views

CVE-2026-7573

Velocidex Velociraptor (GetUserRoles gRPC API) is affected in versions below 0.76.5, due to an authorization bypass (CWE-639) that allows any authenticated low-privilege user to retrieve the complete ACL policy (roles/permissions) for any user across all organizations by supplying specific Name a...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37339

Name of the Vulnerable Software and Affected Versions Velocidex Velociraptor versions prior to 0.76.5 Description An authorization bypass in the 'GetUserRoles' gRPC API endpoint allows any authenticated low-privilege user to retrieve the complete Access Control List ACL policy, including roles an...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References9
Rows per page
Query Builder