CVE-2021-3039 — Log File Information Exposure in Palo Alto Networks Prisma Cloud Compute

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

3.8LOWNVD

EPSS

0.2%

top 60.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Prisma Cloud Compute Paloaltonetworks Prisma Cloud Paloalto Prisma Cloud Compute

Timeline

PublishedJun 10

Latest updateMay 24

Description

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issu…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5palo_alto_networks/prisma_cloud_compute20.04 — 21.04.412

▶Palo Altopaloalto/prisma_cloud_compute

▶NVDpaloaltonetworks/prisma_cloud< 21.04.412

🔴Vulnerability Details

GHSA

GHSA-88pp-wqr9-8f77: An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize↗2022-05-24

▶

CVEList

Prisma Cloud Compute: User role authorization secret for Console leaked through log file export↗2021-06-10

▶

📋Vendor Advisories

Palo Alto

Prisma Cloud Compute: User role authorization secret for Console leaked through log file export↗2021-06-09

▶