PT-2024-4060 · Unknown · Irisevtxmodule

Cyber-Dude1 · Published 2024-02-04 · Updated 2024-05-24 · CVE-2024-34060

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: IrisEVTXModule versions prior to 1.0.0
Description: The issue is improper limitation of a pathname to a restricted directory (path traversal) in IrisEVTXModule, which handles Microsoft EVTX log files. Filenames are handled unsafely during EVTX file upload, and when combined with a Server-Side Template Injection (SSTI) this can lead to remote code execution (RCE).
Recommendations: For versions prior to 1.0.0, update to version 1.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the iris-evtx-module pipeline plugin to minimize the risk of exploitation. Avoid using the vulnerable iris-evtx-module until the issue is resolved.

Exploit · Fix · Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-04505
CVE-2024-34060
GHSA-9RW6-5Q9J-82FM

Affected Products

Irisevtxmodule