{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34060", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-30T06:56:33.380Z", "datePublished": "2024-05-23T12:01:39.630Z", "dateUpdated": "2024-08-02T02:42:59.989Z"}, "containers": {"cna": {"title": "Arbitrary File Write in IRIS EVTX Pipeline", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm"}, {"name": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca", "tags": ["x_refsource_MISC"], "url": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca"}], "affected": [{"vendor": "dfir-iris", "product": "iris-evtx-module", "versions": [{"version": "< 1.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-23T12:01:39.630Z"}, "descriptions": [{"lang": "en", "value": "IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0."}], "source": {"advisory": "GHSA-9rw6-5q9j-82fm", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34060", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-24T20:15:05.792610Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dfir-iris:iris-evtx-module:*:*:*:*:*:*:*:*"], "vendor": "dfir-iris", "product": "iris-evtx-module", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:42:11.329Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.989Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm"}, {"name": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm", "name": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca", "name": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.989Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34060", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-24T20:15:05.792610Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dfir-iris:iris-evtx-module:*:*:*:*:*:*:*:*"], "vendor": "dfir-iris", "product": "iris-evtx-module", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-24T20:11:27.192Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Arbitrary File Write in IRIS EVTX Pipeline", "source": {"advisory": "GHSA-9rw6-5q9j-82fm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dfir-iris", "product": "iris-evtx-module", "versions": [{"status": "affected", "version": "< 1.0.0"}]}], "references": [{"url": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm", "name": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca", "name": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-23T12:01:39.630Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34060", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:42:59.989Z", "dateReserved": "2024-04-30T06:56:33.380Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-23T12:01:39.630Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0."}, {"lang": "es", "value": "IrisEVTXModule es un m\u00f3dulo de interfaz para Evtx2Splunk e Iris para ingerir archivos de registro de Microsoft EVTX. El `iris-evtx-module` es un complemento de canalizaci\u00f3n de `iris-web` que procesa archivos EVTX a trav\u00e9s de la aplicaci\u00f3n web IRIS. Durante la carga de un EVTX a trav\u00e9s de esta canalizaci\u00f3n, el nombre del archivo no se maneja de forma segura y puede provocar una escritura de archivo arbitraria. Esto puede conducir a una ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando se combina con una inyecci\u00f3n de plantilla del lado del servidor (SSTI). Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 1.0.0."}], "id": "CVE-2024-34060", "lastModified": "2024-11-21T09:18:00.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-23T12:15:10.807", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca"}, {"source": "security-advisories@github.com", "url": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T22:16:11.608737+00:00", "updated": "2025-07-12T22:16:11.608797+00:00", "vendors": ["dfir-iris", "dfir-iris$PRODUCT$iris"]}