CVE-2022-35631

CVE-2022-35631: Filesystem race on temporary files

Vendor Rapid7
Product Velociraptor
Weakness CWE-377
Published July 29, 2022
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.

Key dates

02Disclosure timeline

July 29, 2022 CVE published
September 16, 2024 Record updated