PT-2022-22932 · Unknown · Velociraptor

Tim Goddard · Published 2022-07-29 · Updated 2023-07-21 · CVE-2022-35629

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Velociraptor versions prior to 0.6.5-2

Description

The issue arises from a bug in the handling of client-server communication that allows a registered client to send messages claiming to come from another client ID. Additionally, on macOS and Linux, a symlink attack is possible: a predictable file name could be replaced with a symlink to another file, causing the Velociraptor client to overwrite that other file.

Recommendations

For versions prior to 0.6.5-2, update to Velociraptor 0.6.5-2 to resolve the issue. As a temporary workaround, consider restricting access to the client-server communication to minimize the risk of exploitation. On macOS and Linux, avoid using predictable file names and restrict write access to sensitive files until the issue is resolved.
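The link-following overwrite described above, next to an exclusive-create write that refuses a pre-existing name, as an added example (not code from Velociraptor or from this advisory). The scratch directory and file contents are constructed, and `agent-output.tmp` is a hypothetical file name.

```go
package main

import (
	"os"
	"path/filepath"
)

// writeNaive follows symlinks: os.WriteFile truncates whatever the name points at.
func writeNaive(path string, data []byte) error {
	return os.WriteFile(path, data, 0o600)
}

// writeExclusive must create the file itself: O_EXCL rejects any existing name.
func writeExclusive(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// scenario plants a symlink at a predictable name (constructed sample data in
// a scratch directory) and returns the link target's content after write runs.
func scenario(write func(string, []byte) error) (string, error) {
	dir, err := os.MkdirTemp("", "link-demo-")
	must(err)
	defer os.RemoveAll(dir)
	victim := filepath.Join(dir, "victim.conf")
	predictable := filepath.Join(dir, "agent-output.tmp") // hypothetical name
	must(os.WriteFile(victim, []byte("original"), 0o600))
	must(os.Symlink(victim, predictable))
	werr := write(predictable, []byte("client data"))
	content, err := os.ReadFile(victim)
	must(err)
	return string(content), werr
}

func main() {
	a, _ := scenario(writeNaive)
	b, err := scenario(writeExclusive)
	println("naive:", a, "| exclusive:", b, "| refused:", err != nil)
}
```

`os.CreateTemp` combines the same exclusive create with a random name suffix, which also removes the predictability.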

Fix

Weakness Enumeration

Improper Authentication
Link Following
Authentication Bypass by Spoofing

Related Identifiers

BDU:2022-04897
CVE-2022-35629

Affected Products

Velociraptor