{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25624", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-08T22:26:33.511Z", "datePublished": "2024-04-25T16:30:43.979Z", "dateUpdated": "2024-08-01T23:44:09.705Z"}, "containers": {"cna": {"title": "iris-web vulnerable to Server Side Template Injection in reports", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"}], "affected": [{"vendor": "dfir-iris", "product": "iris-web", "versions": [{"version": "< 2.4.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-25T16:30:43.979Z"}, "descriptions": [{"lang": "en", "value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. \n"}], "source": {"advisory": "GHSA-m64w-f7fg-hpcr", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T18:27:39.355759Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*"], "vendor": "dfir-iris", "product": "iris", "versions": [{"status": "affected", "version": "0", "lessThan": "2.4.6", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:35:17.775Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.705Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr", "name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.705Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T18:27:39.355759Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*"], "vendor": "dfir-iris", "product": "iris", "versions": [{"status": "affected", "version": "0", "lessThan": "2.4.6", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T18:30:11.071Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "iris-web vulnerable to Server Side Template Injection in reports", "source": {"advisory": "GHSA-m64w-f7fg-hpcr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dfir-iris", "product": "iris-web", "versions": [{"status": "affected", "version": "< 2.4.6"}]}], "references": [{"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr", "name": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. \n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-25T16:30:43.979Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25624", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:44:09.705Z", "dateReserved": "2024-02-08T22:26:33.511Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-25T16:30:43.979Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*", "matchCriteriaId": "79080556-99C4-4B41-8354-6169D24EE1EB", "versionEndExcluding": "2.4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. \n"}, {"lang": "es", "value": "Iris es una plataforma colaborativa web que tiene como objetivo ayudar a los servicios de respuesta a incidentes a compartir detalles t\u00e9cnicos durante las investigaciones. Debido a una configuraci\u00f3n incorrecta del entorno Jinja2, la generaci\u00f3n de informes en `iris-web` es propensa a una inyecci\u00f3n de plantilla del lado del servidor (SSTI). La explotaci\u00f3n exitosa de la vulnerabilidad puede conducir a una ejecuci\u00f3n remota de c\u00f3digo arbitraria. Un administrador autenticado debe cargar una plantilla de informe manipulada que contenga el payload. Al generar un informe basado en el informe armado, cualquier usuario puede activar la vulnerabilidad. La vulnerabilidad est\u00e1 parcheada en IRIS v2.4.6. No hay ning\u00fan workaround disponible. Se recomienda actualizar lo antes posible. Hasta la aplicaci\u00f3n del parche, revise las plantillas de informes y mantenga los privilegios administrativos que incluyen la carga de plantillas de informes limitados a usuarios dedicados."}], "id": "CVE-2024-25624", "lastModified": "2024-12-10T15:06:18.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-04-25T17:15:48.813", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m64w-f7fg-hpcr"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "[email protected]", "type": "Primary"}]}

{}