Search criteria
14 vulnerabilities found for iris by dfir-iris
CVE-2026-22783 (GCVE-0-2026-22783)
Vulnerability from nvd – Published: 2026-01-12 18:27 – Updated: 2026-01-12 18:52
VLAI?
Title
Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management
Summary
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation. This vulnerability is fixed in 2.4.24.
Severity ?
9.6 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:51:44.715000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:52:04.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file\u0027s file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation. This vulnerability is fixed in 2.4.24."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:27:38.259Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-qhqj-8qw6-wp8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-qhqj-8qw6-wp8v"
},
{
"name": "https://github.com/dfir-iris/iris-web/commit/57c1b80494bac187893aebc6d9df1ce6e56485b7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dfir-iris/iris-web/commit/57c1b80494bac187893aebc6d9df1ce6e56485b7"
}
],
"source": {
"advisory": "GHSA-qhqj-8qw6-wp8v",
"discovery": "UNKNOWN"
},
"title": "Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22783",
"datePublished": "2026-01-12T18:27:38.259Z",
"dateReserved": "2026-01-09T18:27:19.388Z",
"dateUpdated": "2026-01-12T18:52:04.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-25624 (GCVE-0-2024-25624)
Vulnerability from nvd – Published: 2024-04-25 16:30 – Updated: 2024-08-01 23:44
VLAI?
Title
iris-web vulnerable to Server Side Template Injection in reports
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users.
Severity ?
6.8 (Medium)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iris",
"vendor": "dfir-iris",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T18:27:39.355759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:17.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-25T16:30:43.979Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"
}
],
"source": {
"advisory": "GHSA-m64w-f7fg-hpcr",
"discovery": "UNKNOWN"
},
"title": "iris-web vulnerable to Server Side Template Injection in reports"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25624",
"datePublished": "2024-04-25T16:30:43.979Z",
"dateReserved": "2024-02-08T22:26:33.511Z",
"dateUpdated": "2024-08-01T23:44:09.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25640 (GCVE-0-2024-25640)
Vulnerability from nvd – Published: 2024-02-19 19:56 – Updated: 2024-08-01 23:44
VLAI?
Title
Improper Neutralization of Alternate XSS Syntax in iris-web
Summary
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available.
Severity ?
4.6 (Medium)
CWE
- CWE-87 - Improper Neutralization of Alternate XSS Syntax
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T17:10:09.005153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:46.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T19:56:33.044Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp"
}
],
"source": {
"advisory": "GHSA-2xq6-qc74-w5vp",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Alternate XSS Syntax in iris-web"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25640",
"datePublished": "2024-02-19T19:56:33.044Z",
"dateReserved": "2024-02-08T22:26:33.514Z",
"dateUpdated": "2024-08-01T23:44:09.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50712 (GCVE-0-2023-50712)
Vulnerability from nvd – Published: 2023-12-22 19:19 – Updated: 2024-08-02 22:16
VLAI?
Title
Improper Neutralization of Alternate XSS Syntax in iris-web
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.
Severity ?
4.6 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T19:19:31.379Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7"
}
],
"source": {
"advisory": "GHSA-593r-747g-p92p",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Alternate XSS Syntax in iris-web "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50712",
"datePublished": "2023-12-22T19:19:31.379Z",
"dateReserved": "2023-12-11T17:53:36.028Z",
"dateUpdated": "2024-08-02T22:16:47.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30615 (GCVE-0-2023-30615)
Vulnerability from nvd – Published: 2023-05-25 17:39 – Updated: 2025-01-16 19:17
VLAI?
Title
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web.
Severity ?
6.3 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:17:46.596131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:17:57.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T17:39:06.887Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1"
}
],
"source": {
"advisory": "GHSA-gc6j-6276-2m49",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-30615",
"datePublished": "2023-05-25T17:39:06.887Z",
"dateReserved": "2023-04-13T13:25:18.831Z",
"dateUpdated": "2025-01-16T19:17:57.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-22783 (GCVE-0-2026-22783)
Vulnerability from cvelistv5 – Published: 2026-01-12 18:27 – Updated: 2026-01-12 18:52
VLAI?
Title
Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management
Summary
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation. This vulnerability is fixed in 2.4.24.
Severity ?
9.6 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:51:44.715000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:52:04.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file\u0027s file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation. This vulnerability is fixed in 2.4.24."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:27:38.259Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-qhqj-8qw6-wp8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-qhqj-8qw6-wp8v"
},
{
"name": "https://github.com/dfir-iris/iris-web/commit/57c1b80494bac187893aebc6d9df1ce6e56485b7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dfir-iris/iris-web/commit/57c1b80494bac187893aebc6d9df1ce6e56485b7"
}
],
"source": {
"advisory": "GHSA-qhqj-8qw6-wp8v",
"discovery": "UNKNOWN"
},
"title": "Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22783",
"datePublished": "2026-01-12T18:27:38.259Z",
"dateReserved": "2026-01-09T18:27:19.388Z",
"dateUpdated": "2026-01-12T18:52:04.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-25624 (GCVE-0-2024-25624)
Vulnerability from cvelistv5 – Published: 2024-04-25 16:30 – Updated: 2024-08-01 23:44
VLAI?
Title
iris-web vulnerable to Server Side Template Injection in reports
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users.
Severity ?
6.8 (Medium)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iris",
"vendor": "dfir-iris",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T18:27:39.355759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:17.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-25T16:30:43.979Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"
}
],
"source": {
"advisory": "GHSA-m64w-f7fg-hpcr",
"discovery": "UNKNOWN"
},
"title": "iris-web vulnerable to Server Side Template Injection in reports"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25624",
"datePublished": "2024-04-25T16:30:43.979Z",
"dateReserved": "2024-02-08T22:26:33.511Z",
"dateUpdated": "2024-08-01T23:44:09.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25640 (GCVE-0-2024-25640)
Vulnerability from cvelistv5 – Published: 2024-02-19 19:56 – Updated: 2024-08-01 23:44
VLAI?
Title
Improper Neutralization of Alternate XSS Syntax in iris-web
Summary
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available.
Severity ?
4.6 (Medium)
CWE
- CWE-87 - Improper Neutralization of Alternate XSS Syntax
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T17:10:09.005153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:46.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T19:56:33.044Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp"
}
],
"source": {
"advisory": "GHSA-2xq6-qc74-w5vp",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Alternate XSS Syntax in iris-web"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25640",
"datePublished": "2024-02-19T19:56:33.044Z",
"dateReserved": "2024-02-08T22:26:33.514Z",
"dateUpdated": "2024-08-01T23:44:09.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50712 (GCVE-0-2023-50712)
Vulnerability from cvelistv5 – Published: 2023-12-22 19:19 – Updated: 2024-08-02 22:16
VLAI?
Title
Improper Neutralization of Alternate XSS Syntax in iris-web
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.
Severity ?
4.6 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T19:19:31.379Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7"
}
],
"source": {
"advisory": "GHSA-593r-747g-p92p",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Alternate XSS Syntax in iris-web "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50712",
"datePublished": "2023-12-22T19:19:31.379Z",
"dateReserved": "2023-12-11T17:53:36.028Z",
"dateUpdated": "2024-08-02T22:16:47.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30615 (GCVE-0-2023-30615)
Vulnerability from cvelistv5 – Published: 2023-05-25 17:39 – Updated: 2025-01-16 19:17
VLAI?
Title
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web.
Severity ?
6.3 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:17:46.596131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:17:57.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iris-web",
"vendor": "dfir-iris",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T17:39:06.887Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49"
},
{
"name": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1"
}
],
"source": {
"advisory": "GHSA-gc6j-6276-2m49",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-30615",
"datePublished": "2023-05-25T17:39:06.887Z",
"dateReserved": "2023-04-13T13:25:18.831Z",
"dateUpdated": "2025-01-16T19:17:57.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-25624
Vulnerability from fkie_nvd - Published: 2024-04-25 17:15 - Updated: 2024-12-10 15:06
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79080556-99C4-4B41-8354-6169D24EE1EB",
"versionEndExcluding": "2.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. \n"
},
{
"lang": "es",
"value": "Iris es una plataforma colaborativa web que tiene como objetivo ayudar a los servicios de respuesta a incidentes a compartir detalles t\u00e9cnicos durante las investigaciones. Debido a una configuraci\u00f3n incorrecta del entorno Jinja2, la generaci\u00f3n de informes en `iris-web` es propensa a una inyecci\u00f3n de plantilla del lado del servidor (SSTI). La explotaci\u00f3n exitosa de la vulnerabilidad puede conducir a una ejecuci\u00f3n remota de c\u00f3digo arbitraria. Un administrador autenticado debe cargar una plantilla de informe manipulada que contenga el payload. Al generar un informe basado en el informe armado, cualquier usuario puede activar la vulnerabilidad. La vulnerabilidad est\u00e1 parcheada en IRIS v2.4.6. No hay ning\u00fan workaround disponible. Se recomienda actualizar lo antes posible. Hasta la aplicaci\u00f3n del parche, revise las plantillas de informes y mantenga los privilegios administrativos que incluyen la carga de plantillas de informes limitados a usuarios dedicados."
}
],
"id": "CVE-2024-25624",
"lastModified": "2024-12-10T15:06:18.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-25T17:15:48.813",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1336"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-25640
Vulnerability from fkie_nvd - Published: 2024-02-19 20:15 - Updated: 2024-12-10 15:02
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68F39E0F-CFD2-4344-8015-510427D062BC",
"versionEndExcluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available."
},
{
"lang": "es",
"value": "Iris es una plataforma colaborativa web que ayuda a los servicios de respuesta a incidentes a compartir detalles t\u00e9cnicos durante las investigaciones. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en iris-web, que afecta a varias ubicaciones en versiones anteriores a la v2.4.0. La vulnerabilidad puede permitir a un atacante inyectar scripts maliciosos en la aplicaci\u00f3n, que luego podr\u00edan ejecutarse cuando un usuario visite las ubicaciones afectadas. Esto podr\u00eda provocar acceso no autorizado, robo de datos u otras actividades maliciosas relacionadas. Un atacante debe autenticarse en la aplicaci\u00f3n para aprovechar esta vulnerabilidad. El problema se solucion\u00f3 en la versi\u00f3n v2.4.0 de iris-web. No hay soluciones workarounds disponibles."
}
],
"id": "CVE-2024-25640",
"lastModified": "2024-12-10T15:02:48.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-19T20:15:46.270",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-87"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-50712
Vulnerability from fkie_nvd - Published: 2023-12-22 20:15 - Updated: 2024-11-21 08:37
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D39F424-50ED-4F5B-ACE2-9524841C32E1",
"versionEndExcluding": "2.3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available."
},
{
"lang": "es",
"value": "Iris es una plataforma colaborativa web que tiene como objetivo ayudar a los servicios de respuesta a incidentes a compartir detalles t\u00e9cnicos durante las investigaciones. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en iris-web, que afecta a varias ubicaciones en versiones anteriores a la v2.3.7. La vulnerabilidad puede permitir a un atacante inyectar scripts maliciosos en la aplicaci\u00f3n, que luego podr\u00edan ejecutarse cuando un usuario visite las ubicaciones afectadas. Esto podr\u00eda provocar acceso no autorizado, robo de datos u otras actividades maliciosas relacionadas. Un atacante debe autenticarse en la aplicaci\u00f3n para aprovechar esta vulnerabilidad. El problema se solucion\u00f3 en la versi\u00f3n v2.3.7 de iris-web. No hay workarounds disponibles."
}
],
"id": "CVE-2023-50712",
"lastModified": "2024-11-21T08:37:11.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-22T20:15:07.443",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-87"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-30615
Vulnerability from fkie_nvd - Published: 2023-05-25 18:15 - Updated: 2024-11-21 08:00
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E00F6634-1F40-4A43-A74E-AEA5E8DB2041",
"versionEndExcluding": "2.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. \n"
}
],
"id": "CVE-2023-30615",
"lastModified": "2024-11-21T08:00:30.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-25T18:15:10.150",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}