Deployed 6ab6c3e with MkDocs version: 1.4.2

dfir-iris · Dec 18, 2023 · 0280956 · 0280956
1 parent 5140165
commit 0280956
Show file tree

Hide file tree

Showing 4 changed files with 185 additions and 55 deletions.
diff --git a/search/search_index.json b/search/search_index.json
diff --git a/security-advisories/index.html b/security-advisories/index.html
@@ -1194,11 +1194,11 @@
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
 
         <li class="md-nav__item">
-  <a href="#cve-2021-32737-may-24-2023" class="md-nav__link">
-    CVE-2021-32737  May 24, 2023 
+  <a href="#cve-2023-50712-dec-18-2023" class="md-nav__link">
+    CVE-2023-50712  Dec 18, 2023 
   </a>
 
-    <nav class="md-nav" aria-label="CVE-2021-32737  May 24, 2023 ">
+    <nav class="md-nav" aria-label="CVE-2023-50712  Dec 18, 2023 ">
       <ul class="md-nav__list">
 
           <li class="md-nav__item">
@@ -1227,6 +1227,54 @@
     Workarounds
   </a>
 
+</li>
+
+          <li class="md-nav__item">
+  <a href="#acknowledgment" class="md-nav__link">
+    Acknowledgment
+  </a>
+
+</li>
+
+      </ul>
+    </nav>
+
+</li>
+
+        <li class="md-nav__item">
+  <a href="#cve-2023-30615-may-24-2023" class="md-nav__link">
+    CVE-2023-30615  May 24, 2023 
+  </a>
+
+    <nav class="md-nav" aria-label="CVE-2023-30615  May 24, 2023 ">
+      <ul class="md-nav__list">
+
+          <li class="md-nav__item">
+  <a href="#description_1" class="md-nav__link">
+    Description
+  </a>
+
+</li>
+
+          <li class="md-nav__item">
+  <a href="#affected-versions_1" class="md-nav__link">
+    Affected versions
+  </a>
+
+</li>
+
+          <li class="md-nav__item">
+  <a href="#fixed-versions_1" class="md-nav__link">
+    Fixed versions
+  </a>
+
+</li>
+
+          <li class="md-nav__item">
+  <a href="#workarounds_1" class="md-nav__link">
+    Workarounds
+  </a>
+
 </li>
 
       </ul>
@@ -1299,11 +1347,11 @@
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
 
         <li class="md-nav__item">
-  <a href="#cve-2021-32737-may-24-2023" class="md-nav__link">
-    CVE-2021-32737  May 24, 2023 
+  <a href="#cve-2023-50712-dec-18-2023" class="md-nav__link">
+    CVE-2023-50712  Dec 18, 2023 
   </a>
 
-    <nav class="md-nav" aria-label="CVE-2021-32737  May 24, 2023 ">
+    <nav class="md-nav" aria-label="CVE-2023-50712  Dec 18, 2023 ">
       <ul class="md-nav__list">
 
           <li class="md-nav__item">
@@ -1332,6 +1380,54 @@
     Workarounds
   </a>
 
+</li>
+
+          <li class="md-nav__item">
+  <a href="#acknowledgment" class="md-nav__link">
+    Acknowledgment
+  </a>
+
+</li>
+
+      </ul>
+    </nav>
+
+</li>
+
+        <li class="md-nav__item">
+  <a href="#cve-2023-30615-may-24-2023" class="md-nav__link">
+    CVE-2023-30615  May 24, 2023 
+  </a>
+
+    <nav class="md-nav" aria-label="CVE-2023-30615  May 24, 2023 ">
+      <ul class="md-nav__list">
+
+          <li class="md-nav__item">
+  <a href="#description_1" class="md-nav__link">
+    Description
+  </a>
+
+</li>
+
+          <li class="md-nav__item">
+  <a href="#affected-versions_1" class="md-nav__link">
+    Affected versions
+  </a>
+
+</li>
+
+          <li class="md-nav__item">
+  <a href="#fixed-versions_1" class="md-nav__link">
+    Fixed versions
+  </a>
+
+</li>
+
+          <li class="md-nav__item">
+  <a href="#workarounds_1" class="md-nav__link">
+    Workarounds
+  </a>
+
 </li>
 
       </ul>
@@ -1357,7 +1453,7 @@
 
 <h1 id="security-advisories">Security Advisories</h1>
 <p>This page lists all security advisories that have been published for the code released by DFIR-IRIS.</p>
-<h2 id="cve-2021-32737-may-24-2023"><a href="https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49">CVE-2021-32737</a> <small><em> May 24, 2023 </em></small></h2>
+<h2 id="cve-2023-50712-dec-18-2023"><a href="https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p">CVE-2023-50712</a> <small><em> Dec 18, 2023 </em></small></h2>
 <table>
 <thead>
 <tr>
@@ -1369,26 +1465,60 @@ <h2 id="cve-2021-32737-may-24-2023"><a href="https://github.com/dfir-iris/iris-w
 </thead>
 <tbody>
 <tr>
-<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30615">CVE-2021-32737</a></td>
-<td><a href="https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49">GHSA-gc6j-6276-2m49</a></td>
+<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30615">CVE-2023-30615</a></td>
+<td><a href="https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p">GHSA-593r-747g-p92p</a></td>
 <td>Moderate - CVSS3 4.6/10</td>
 <td>iris-web</td>
 </tr>
 </tbody>
 </table>
 <h3 id="description">Description</h3>
-<p>A stored Cross-Site Scripting (XSS) vulnerability has been identified in <code>iris-web</code>, affecting multiple locations in versions prior to <code>v2.2.1</code>. The vulnerability allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other related malicious activities.</p>
+<p>A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities.</p>
 <p>An attacker need to be authenticated on the application to exploit this vulnerability.</p>
 <h3 id="affected-versions">Affected versions</h3>
 <ul>
+<li><code>iris-web</code> &lt; <code>2.3.7</code></li>
+</ul>
+<h3 id="fixed-versions">Fixed versions</h3>
+<ul>
+<li><code>iris-web</code> &gt;= <code>2.3.7</code></li>
+</ul>
+<h3 id="workarounds">Workarounds</h3>
+<p>No workaround is available.  </p>
+<h3 id="acknowledgment">Acknowledgment</h3>
+<p>Thanks to Leonard Rapp (G DATA Advanced Analytics GmbH) for the responsible disclosure.</p>
+<h2 id="cve-2023-30615-may-24-2023"><a href="https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49"> CVE-2023-30615</a> <small><em> May 24, 2023 </em></small></h2>
+<table>
+<thead>
+<tr>
+<th>CVE ID</th>
+<th>Github ID</th>
+<th>Severity</th>
+<th>Impacted product</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30615"> CVE-2023-30615</a></td>
+<td><a href="https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49">GHSA-gc6j-6276-2m49</a></td>
+<td>Moderate - CVSS3 4.6/10</td>
+<td>iris-web</td>
+</tr>
+</tbody>
+</table>
+<h3 id="description_1">Description</h3>
+<p>A stored Cross-Site Scripting (XSS) vulnerability has been identified in <code>iris-web</code>, affecting multiple locations in versions prior to <code>v2.2.1</code>. The vulnerability allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other related malicious activities.</p>
+<p>An attacker need to be authenticated on the application to exploit this vulnerability.</p>
+<h3 id="affected-versions_1">Affected versions</h3>
+<ul>
 <li><code>iris-web</code> &lt; <code>2.2.1</code></li>
 <li><code>iris-web</code> &gt; <code>2.0.0</code> and &lt; <code>2.2.1</code> while not using the alerting feature are not impacted.</li>
 </ul>
-<h3 id="fixed-versions">Fixed versions</h3>
+<h3 id="fixed-versions_1">Fixed versions</h3>
 <ul>
 <li><code>iris-web</code> &gt;= <code>2.2.1</code></li>
 </ul>
-<h3 id="workarounds">Workarounds</h3>
+<h3 id="workarounds_1">Workarounds</h3>
 <p>No workaround is available.</p>
 
   <hr>