Skip to content

Commit fe0a738

Browse files
committed
[ADD] Added security adv
1 parent 838160f commit fe0a738

3 files changed

Lines changed: 45 additions & 12 deletions

File tree

docs/index.md

Lines changed: 30 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -2,26 +2,44 @@
22

33
![Main logo](_static/logo_blue.png){ align=center}
44

5-
### New to IRIS? 💡
6-
Start with our [Getting Started guide](getting_started/) to kick-off your IRIS instance in minutes.
5+
IRIS is a collaborative digital platform designed for incident response analysts to share complex investigations at a technical level.
76

8-
**Want to try it even faster?**
9-
Check out our free rolling version demonstration instance here: [IRIS Beta](https://v200.beta.dfir-iris.org).
7+
<div class="grid cards" markdown>
108

9+
- :material-clock-fast:{ .lg .middle } __New to IRIS?__
1110

12-
## What is IRIS?
13-
IRIS is a collaborative digital platform designed for incident response analysts to share complex investigations at a technical level. It can be installed on a dedicated server or as a portable application for roaming investigations where internet access might not be available.
11+
---
1412

15-
Born from the need to easily and effectively communicate lengthy and intricate investigations among analysts, IRIS is an open-source project available on our [Github organization](https://github.com/dfir-iris).
13+
Start with our Getting Started guide to kick-off your IRIS instance in minutes
1614

15+
[:octicons-arrow-right-24: Getting started](getting_started/)
1716

18-
## Let's connect
17+
- :material-rocket-launch:{ .lg .middle } __Try it now__
1918

20-
Join the IRIS community and expand your network! Feel free to reach out with any questions or feedback on our Discord Channel, engage or follow us on Twitter, share ideas via email. We're always happy to hear from you!
19+
---
2120

22-
## We're improving
23-
Our Documentation is in a constant state of evolution! 🚀
24-
If you can't find what you're looking for, please [contact us](/contact) and we'll make it happen.
21+
Want to try it even faster? Check out our free rolling version demonstration instance
2522

23+
[:octicons-arrow-right-24: IRIS Beta](https://v200.beta.dfir-iris.org)
24+
25+
- :material-scale-balance:{ .lg .middle } __Open Source__
26+
27+
---
28+
29+
Born from the need to effectively communicate intricate investigations, IRIS is fully open-source
30+
31+
[:octicons-arrow-right-24: GitHub](https://github.com/dfir-iris)
32+
33+
- :material-account-group:{ .lg .middle } __Let's connect__
34+
35+
---
36+
37+
Join the IRIS community! Reach out on Discord, follow us on Twitter, or share ideas via email
38+
39+
[:octicons-arrow-right-24: Contact](/contact)
40+
41+
</div>
42+
43+
---
2644

2745
*Powered by the Community, for the Community*.

docs/security-advisories.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,20 @@ We take security seriously at DFIR-IRIS. We are committed to providing a secure
44

55
This page lists all security advisories that have been published for the code released by DFIR-IRIS.
66

7+
## [CVE-2026-22783](https://github.com/dfir-iris/iris-web/security/advisories/GHSA-qhqj-8qw6-wp8v) <small>_ Oct 22, 2025 _</small>
8+
9+
| CVE ID | Github ID | Severity | Impacted product |
10+
|--------|-----------|-----------|-------|
11+
| [CVE-2026-22783](https://nvd.nist.gov/vuln/detail/CVE-2026-22783) | [GHSA-qhqj-8qw6-wp8v](https://github.com/dfir-iris/iris-web/security/advisories/GHSA-qhqj-8qw6-wp8v) | High - CVSS3 8.1/10 | iris-web |
12+
13+
### Description
14+
Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation.
15+
16+
### Affected versions
17+
- `iris-web` < `2.4.24`
18+
19+
### Fixed versions
20+
- `iris-web` >= `2.4.24`
721

822
## [CVE-2024-34060](https://github.com/dfir-iris/iris-web/security/advisories/GHSA-9rw6-5q9j-82fm) <small>_ Feb 18, 2024 _</small>
923

mkdocs.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ markdown_extensions:
3838
- name: mermaid
3939
class: mermaid
4040
format: !!python/name:pymdownx.superfences.fence_code_format
41+
- attr_list
4142

4243
extra:
4344
analytics:

0 commit comments

Comments
 (0)