PT-2023-16105 · Unknown · Velociraptor

Paul Alkemade · Published 2023-01-18 · Updated 2024-08-20 · CVE-2023-0242

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Velociraptor versions prior to 0.6.7-5

Description

The VQL copy() function does not check for permission to write files, which allows a low-privilege user to overwrite files on the server, including Velociraptor configuration files. To exploit this, an attacker must have a Velociraptor user account at a low privilege level, be able to log into the GUI, and create a notebook in which they can run a VQL query invoking the copy() function.

Recommendations

Update Velociraptor to version 0.6.7-5 or later to resolve the issue. As a temporary workaround, consider restricting access to the copy() function for low-privilege users until the patch is applied. Additionally, limit the ability of low-privilege users to create notebooks and run VQL queries that invoke the copy() function.
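A version check against the fixed release 0.6.7-5, as an added example that is not part of the advisory or of the Velociraptor project. The function names `parseVersion` and `isAffected` are hypothetical, and the code assumes the `-N` suffix is a numeric patch counter applied after the base release, so a plain semver comparison (which treats `-5` as a pre-release older than `0.6.7`) would give the wrong answer here.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseVersion turns "0.6.7-5" into [0 6 7 5]; a missing "-N" counts as 0.
// ASSUMPTION: "-N" is a numeric patch counter, so "0.6.7" < "0.6.7-5".
func parseVersion(v string) (out [4]int, err error) {
	base, patch, hasPatch := strings.Cut(strings.TrimPrefix(strings.TrimSpace(v), "v"), "-")
	parts := strings.Split(base, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unexpected version %q", v)
	}
	if hasPatch {
		parts = append(parts, patch)
	}
	for i, p := range parts {
		n, convErr := strconv.Atoi(p)
		if convErr != nil || n < 0 {
			return out, fmt.Errorf("non-numeric component %q in %q", p, v)
		}
		out[i] = n
	}
	return out, nil
}

// isAffected reports whether v is older than the fixed release 0.6.7-5.
func isAffected(v string) (bool, error) {
	got, err := parseVersion(v)
	if err != nil {
		return false, err // e.g. a "-rc1" suffix: refuse to guess, review by hand
	}
	fixed := [4]int{0, 6, 7, 5}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] < fixed[i], nil
		}
	}
	return false, nil
}

func main() {
	for _, v := range []string{"0.6.7", "0.6.7-4", "0.6.7-5"} { // constructed samples
		affected, err := isAffected(v)
		fmt.Println(v, affected, err)
	}
}
```

A non-numeric suffix returns an error rather than a verdict, so such builds are flagged for manual review instead of being silently classified.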

Fix

Weakness Enumeration

Improper Privilege Management
Missing Authorization

Related Identifiers

CVE-2023-0242
GHSA-G5VM-525Q-R66C
GO-2023-1527
OPENSUSE-SU-2024:12916-1

Affected Products

Velociraptor