CVE-2022-35629: Velociraptor Client ID Spoofing

Vendor: Rapid7
Product: Velociraptor
Weakness: CWE-287 (Improper authentication)
Published: July 29, 2022
Last update: September 16, 2024

What the vulnerability does

01 Description

Due to a bug in the handling of communication between the client and the server, a client already registered with its own client ID could send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.

Key dates

02 Disclosure timeline

July 29, 2022: CVE published
September 16, 2024: Record updated