Vulnerability Description
IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387
- https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j
- https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387
- https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j
FAQ
What is CVE-2024-34060?
CVE-2024-34060 is a vulnerability with a CVSS score of 8.8 (HIGH). IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through ...
How severe is CVE-2024-34060?
CVE-2024-34060 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-34060?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.