Symlink Attack Vulnerability in Velociraptor 0.6.5-2

Symlink Attack Vulnerability in Velociraptor 0.6.5-2

CVE-2022-35631 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.

Learn more about our Cis Benchmark Audit For Apple Macos.