Bug 1216925 (CVE-2023-5950)

Summary: VUL-0: CVE-2023-5950: velociraptor: Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: jeffm, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/384237/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-5950:8.6:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2023-11-07 04:15:49 UTC
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site
scripting vulnerability. This vulnerability allows attackers to inject JS into
the error path, potentially leading to unauthorized execution of scripts within
a user's web browser. This vulnerability is fixed in version 0.7.0-04 and
a patch is available to download. Patches are also available for version 0.6.9
(0.6.9-1).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5950
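The advisory text above only names the class of bug (a request value reflected unescaped into an error page). The following Go snippet is an added illustration of that pattern and of its fix; it is not Velociraptor's code, not the upstream patch, and the handler, the `/api/v1/GetArtifact` path, the `artifact` parameter and the probe string are all constructed for this example. Velociraptor's server is written in Go, so the example uses the standard `net/http` and `html/template` packages and drives both handlers through `httptest` so it runs offline.

```go
package main

import (
	"fmt"
	"html/template"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Payload is a constructed probe for this example. If it comes back verbatim
// in a text/html response body, the browser will execute it.
const Payload = `<script>alert(document.cookie)</script>`

// vulnerableErrorHandler shows the reflected-XSS pattern in an error path:
// the request parameter is echoed into an HTML error page with no escaping.
// Hypothetical handler, not Velociraptor code.
func vulnerableErrorHandler(w http.ResponseWriter, r *http.Request) {
	artifact := r.URL.Query().Get("artifact")
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "<html><body><h1>Error</h1><p>Unknown artifact: %s</p></body></html>", artifact)
}

// errTmpl renders the same page via html/template, which escapes every
// interpolated value according to the HTML context it lands in.
var errTmpl = template.Must(template.New("err").Parse(
	"<html><body><h1>Error</h1><p>Unknown artifact: {{.}}</p></body></html>"))

// hardenedErrorHandler renders the error through html/template and adds a
// restrictive Content-Security-Policy as defence in depth, so even a missed
// escape elsewhere would not execute inline script.
func hardenedErrorHandler(w http.ResponseWriter, r *http.Request) {
	artifact := r.URL.Query().Get("artifact")
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Content-Security-Policy", "default-src 'self'")
	w.WriteHeader(http.StatusNotFound)
	if err := errTmpl.Execute(w, artifact); err != nil {
		log.Printf("render error page: %v", err) // headers are already sent
	}
}

// render drives a handler with an in-memory GET carrying the payload in the
// query string and returns the response body.
func render(h http.HandlerFunc) string {
	target := "/api/v1/GetArtifact?artifact=" + url.QueryEscape(Payload) // hypothetical path
	req := httptest.NewRequest(http.MethodGet, target, nil)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String()
}

// ReflectsRawPayload reports whether the body contains the probe unescaped,
// i.e. whether this response would run attacker-controlled script.
func ReflectsRawPayload(body string) bool {
	return strings.Contains(body, Payload)
}

// ContainsEscapedPayload reports whether the probe's tags were neutralised
// into character references.
func ContainsEscapedPayload(body string) bool {
	return strings.Contains(body, "&lt;script&gt;alert(document.cookie)&lt;/script&gt;")
}

// VulnerableBody and HardenedBody expose the two rendered pages for comparison.
func VulnerableBody() string { return render(vulnerableErrorHandler) }
func HardenedBody() string   { return render(hardenedErrorHandler) }

func main() {
	fmt.Println("vulnerable handler reflects raw payload:", ReflectsRawPayload(VulnerableBody()))
	fmt.Println("hardened handler reflects raw payload:  ", ReflectsRawPayload(HardenedBody()))
	fmt.Println(HardenedBody())
}
```

Two points worth checking when triaging a report like this one: the reflection only becomes script execution if the error response is served as `text/html` (a `text/plain` or JSON error body with the same unescaped value is not exploitable in the same way), and escaping must happen in the output layer, as `html/template` does here, rather than by blacklisting characters in the input. The CSP header is a second line of defence, not a substitute for the escaping.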
Comment 3 Jeff Mahoney 2024-02-02 19:00:49 UTC
security:sensor and Factory have had 0.7.0-4 since mid-December.