PT-2022-4063 · Unknown · Velociraptor

Tim Goddard · Published 2022-07-29 · Updated 2022-08-04 · CVE-2022-35631

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.5-2

Description: The issue is related to incorrect link resolution before accessing a file, which may allow an attacker to overwrite arbitrary files. On macOS and Linux, it may be possible to perform a symlink attack by replacing a predictable file name with a symlink to another file, allowing the Velociraptor client to overwrite the other file.

Recommendations: For versions prior to 0.6.5-2, update to Velociraptor 0.6.5-2 to resolve the issue. As a temporary workaround, consider restricting access to predictable file names that could be exploited for symlink attacks until the update is applied.
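
The link-following weakness in the description, as an added example (not Velociraptor's code and not its actual fix): a Go writer that follows a symlink sitting at a predictable name, beside one that refuses to open it. The function names, file names and temp-directory layout are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// writeFollowing is the weak pattern: O_CREATE|O_TRUNC follows a symlink at path.
func writeFollowing(path string, data []byte) error {
	return os.WriteFile(path, data, 0o600)
}

// writeNoFollow only creates a new file: O_EXCL fails with EEXIST if any entry,
// symlinks included, is already at path; O_NOFOLLOW (Linux/macOS) is a second guard.
func writeNoFollow(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL|syscall.O_NOFOLLOW, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// demo runs write against a constructed layout in a private temp directory:
// "predictable.tmp" is a symlink to "victim". It returns victim's content afterwards.
func demo(write func(string, []byte) error) (string, error) {
	dir, err := os.MkdirTemp("", "linkdemo")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	victim, link := filepath.Join(dir, "victim"), filepath.Join(dir, "predictable.tmp")
	if err := errors.Join(os.WriteFile(victim, []byte("original"), 0o600), os.Symlink(victim, link)); err != nil {
		return "", err
	}
	writeErr := write(link, []byte("client output"))
	got, _ := os.ReadFile(victim)
	return string(got), writeErr
}

func main() {
	a, _ := demo(writeFollowing)
	b, err := demo(writeNoFollow)
	fmt.Printf("following: victim=%q; no-follow: victim=%q err=%v\n", a, b, err)
}
```

Where the file name cannot be made exclusive, creating it inside a directory only the writing user can modify removes the chance for another account to place the link in the first place.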

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2022-04897
CVE-2022-35631

Affected Products

Velociraptor