Advisory Database
  • Advisories
  • Dependency Scanning
  1. golang
  2. ›
  3. www.velocidex.com/golang/velociraptor
  4. ›
  5. CVE-2023-0290

CVE-2023-0290: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

January 19, 2023 (updated February 1, 2023)

Rapid7 Velociraptor does not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of “../clients/server” to schedule the collection for the server (as a server artifact), but only require privileges to schedule collections on the client. Normally, to schedule an artifact on the server, the COLLECT_SERVER permission is required. This permission is normally only granted to “administrator” role. Due to this issue, it is sufficient to have the COLLECT_CLIENT privilege, which is normally granted to the “investigator” role. To exploit this vulnerability, the attacker must already have a Velociraptor user account at least “investigator” level, and be able to authenticate to the GUI and issue an API call to the backend. Typically, most users deploy Velociraptor with limited access to a trusted group, and most users will already be administrators within the GUI. This issue affects Velociraptor versions before 0.6.7-5. Version 0.6.7-5, released January 16, 2023, fixes the issue.

References

  • github.com/Velocidex/velociraptor
  • github.com/advisories/GHSA-7jf5-fvgf-48c6
  • nvd.nist.gov/vuln/detail/CVE-2023-0290

Code Behaviors & Features

Detect and mitigate CVE-2023-0290 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 0.6.7-5

Fixed versions

  • 0.6.7-5

Solution

Upgrade to version 0.6.7-5 or above.

Impact 4.3 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Learn more about CVSS

Weakness

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Source file

go/www.velocidex.com/golang/velociraptor/CVE-2023-0290.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:14:52 +0000.