CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVE-2024-34060

CVE-2024-34060 affects IrisEVTXModule, an interface plugin used with Evtx2Splunk and Iris to ingest Microsoft EVTX logs via the iris-web pipeline. The vulnerability arises from unsafe handling of EVTX filenames during upload, enabling Arbitrary File Write and potentially remote code execution (RC...

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

IrisEVTXModule 安全漏洞

IrisEVTXModule is a DFIR-IRIS open source interface module for extracting Microsoft EVTX log files. A security vulnerability exists in IrisEVTXModule versions prior to 1.0.0, which stems from the presence of an arbitrary file write issue that could lead to remote code execution RCE...

PT-2024-4060 · Unknown · Irisevtxmodule

Name of the Vulnerable Software and Affected Versions: IrisEVTXModule versions prior to 1.0.0 Description: The issue is related to the incorrect restriction of the directory path name with limited access in the IrisEVTXModule, which handles Microsoft EVTX log files. This can lead to remote code...