CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca
https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-23 12:15

Updated : 2024-05-24 01:15

NVD link : CVE-2024-34060

Mitre link : CVE-2024-34060

CVE.ORG link : CVE-2024-34060

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-34060", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-23T12:15:10.807", "references": [{"url": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca", "source": "security-advisories@github.com"}, {"url": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0."}, {"lang": "es", "value": "IrisEVTXModule es un m\u00f3dulo de interfaz para Evtx2Splunk e Iris para ingerir archivos de registro de Microsoft EVTX. El `iris-evtx-module` es un complemento de canalizaci\u00f3n de `iris-web` que procesa archivos EVTX a trav\u00e9s de la aplicaci\u00f3n web IRIS. Durante la carga de un EVTX a trav\u00e9s de esta canalizaci\u00f3n, el nombre del archivo no se maneja de forma segura y puede provocar una escritura de archivo arbitraria. Esto puede conducir a una ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando se combina con una inyecci\u00f3n de plantilla del lado del servidor (SSTI). Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 1.0.0."}], "lastModified": "2024-05-24T01:15:30.977", "sourceIdentifier": "security-advisories@github.com"}