Lucene search

Palo_altoCVELIST:CVE-2021-3039

HistoryJun 09, 2021 - 12:00 a.m.

CVE-2021-3039 Prisma Cloud Compute: User role authorization secret for Console leaked through log file export

2021-06-0900:00:00

CWE-532

palo_alto

www.cve.org

3.8 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.

CNA Affected

[
  {
    "product": "Prisma Cloud Compute",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "21.04.412",
            "status": "unaffected"
          }
        ],
        "lessThan": "21.04.412",
        "status": "affected",
        "version": "20.04",
        "versionType": "custom"
      }
    ]
  }
]

References

security.paloaltonetworks.com/CVE-2021-3039

3.8 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-3039