CVE-2021-3034 — Log File Information Exposure in Palo Alto Networks Cortex Xsoar

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 91.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex Xsoar Paloaltonetworks Cortex Xsoar Paloalto Cortex Xsoar

Timeline

PublishedMar 10

Latest updateMay 24

Description

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Co…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:NExploitability: 0.8 | Impact: 4.2

Affected Packages3 packages

▶CVEListV5palo_alto_networks/cortex_xsoar5.5.0 — 98622+3

▶Palo Altopaloalto/cortex_xsoar

▶NVDpaloaltonetworks/cortex_xsoar4 versions+3

🔴Vulnerability Details

GHSA

GHSA-x58x-95ff-fvvp: An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO)↗2022-05-24

▶

CVEList

Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs↗2021-03-10

▶

📋Vendor Advisories

Palo Alto

Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs↗2021-03-10

▶