
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-35630 is a cross-site scripting (XSS) vulnerability discovered in Velociraptor's artifact collection report feature. The vulnerability was identified in July 2022 through a security code review performed by Tim Goddard from CyberCX and was fixed in Velociraptor version 0.6.5-2, released on July 26, 2022 (Rapid7 Blog).
The vulnerability exists in the HTML export functionality of Velociraptor's collection report feature. When a user exports a collection report in HTML format, the server generates a standalone HTML file containing a summary of the collection. Because client-supplied data was written into this file without proper input validation, a malicious client (an endpoint reporting to the server) could inject JavaScript code into the static HTML file. The file is opened locally from a file:// URL, which limits its access to server cookies and other sensitive information (Rapid7 Blog).
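The defect class described above, a report generator that copies client-reported values into static HTML without escaping, is shown below as an added example in Go (Velociraptor's implementation language). This is illustrative code written for this page, not Velociraptor's own code: the `ClientSummary` type, the sample data and the template are all constructed here. It places the unsafe string-concatenation version beside a version built on Go's `html/template`, whose contextual autoescaping is the standard mitigation for this kind of HTML export.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// ClientSummary holds fields that originate from an endpoint (client) and
// must therefore be treated as untrusted input. Hypothetical type for this example.
type ClientSummary struct {
	ClientID string
	Hostname string
	Notes    string
}

// sampleSummary is constructed test data: the Hostname carries a script tag
// so the difference between the two renderers is visible in the output.
var sampleSummary = ClientSummary{
	ClientID: "C.0123456789abcdef",
	Hostname: "workstation-07<script>alert(1)</script>",
	Notes:    "scheduled collection",
}

// renderUnsafe builds the report by plain string formatting. Whatever a
// client reported as its hostname is copied into the HTML unchanged, which
// is the class of defect described in the advisory text (constructed
// illustration, not Velociraptor's code).
func renderUnsafe(s ClientSummary) string {
	return fmt.Sprintf("<table><tr><td>%s</td><td>%s</td><td>%s</td></tr></table>",
		s.ClientID, s.Hostname, s.Notes)
}

// reportTmpl is parsed with html/template, which escapes every {{...}}
// action according to the HTML context it appears in (text, attribute, URL, ...).
var reportTmpl = template.Must(template.New("report").Parse(
	`<table><tr><td>{{.ClientID}}</td><td>{{.Hostname}}</td><td>{{.Notes}}</td></tr></table>`))

// renderSafe executes the autoescaping template; the same hostname now
// reaches the file as &lt;script&gt;...&lt;/script&gt; and is rendered as text.
func renderSafe(s ClientSummary) (string, error) {
	var buf bytes.Buffer
	if err := reportTmpl.Execute(&buf, s); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// containsRawScript is a coarse check a unit test or CI gate can run over an
// exported report: does an unescaped <script tag survive in the output?
func containsRawScript(html string) bool {
	return strings.Contains(strings.ToLower(html), "<script")
}

func main() {
	unsafe := renderUnsafe(sampleSummary)
	safe, err := renderSafe(sampleSummary)
	if err != nil {
		panic(err)
	}
	fmt.Println("unsafe export contains raw <script>:", containsRawScript(unsafe))
	fmt.Println("escaped export contains raw <script>:", containsRawScript(safe))
	fmt.Println(safe)
}
```

The `html/template` package is a drop-in replacement for `text/template` with the same API, so the fix for a generator like `renderUnsafe` is usually to move the markup into a parsed template and pass untrusted fields as data rather than formatting them into the string. The `containsRawScript` check is deliberately simple; it is a regression guard for a test suite, not a substitute for escaping.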
The impact of this vulnerability is considered low because the exported HTML file is served locally and does not have access to server cookies or other sensitive information. However, it could potentially be used to facilitate phishing attacks. Additionally, the vulnerable feature is not frequently used, which further reduces the potential impact (Rapid7 Blog).
The vulnerability has been fixed in Velociraptor version 0.6.5-2, released on July 26, 2022. Users are advised to upgrade their Velociraptor servers to this version or newer to remediate the vulnerability (Rapid7 Blog).
Source: This report was generated using AI