CVE-2023-0003
Published 2023-02-08
CVE-2023-0003: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read…
Priority P335 | medium | 6.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.16% (63.2th percentile)
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| palo_alto_networks | cortex_xsoar | >= 6.10.0.0 < 6.10.0.185964 | 6.10.0.185964 |
| palo_alto_networks | cortex_xsoar | >= 6.6 < 6.6.B186115 | 6.6.B186115 |
| palo_alto_networks | cortex_xsoar | >= 6.8 < 6.8.B185719 | 6.8.B185719 |
| palo_alto_networks | cortex_xsoar | >= 6.9 < 6.9.B185415 | 6.9.B185415 |
| paloalto | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | >= 6.10.0 < 6.10.0.185964 | 6.10.0.185964 |
GHSA
GHSA-rfc4-38hf-4pmp: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface
ghsa_unreviewed·2023-02-08
CVE-2023-0003 [MEDIUM] CWE-610 GHSA-rfc4-38hf-4pmp: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
Palo Alto
Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
vendor_paloalto·2023-02-08·CVSS 6.5
CVE-2023-0003 [MEDIUM] CWE-73 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
Affected products: Cortex XSOAR
Solution: This issue is fixed in Cortex XSOAR 6.6 build B186115, Cortex XSOAR 6.8 build B185719, Cortex XSOAR 6.9 build B185415, Cortex XSOAR 6.10 build 185964, and all later builds of Cortex XSOAR.
NOTE: Cortex XSOAR 6.10.0 build 185964 is generally available for customers to download. Customers using Cortex XSOAR hosted services, and those wanting to upgrade to a non-generally available build, will need to make a Customer Support request at https://support.paloaltonetworks.com/ to upgrade.
Wo
VMware
VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)
vendor_vmware·2023-02-02·CVSS 8.4
CVE-2023-20854 [HIGH] VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)
VMSA-2023-0003: VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)
VMware Workstation contains an arbitrary file deletion vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
CVEs: CVE-2023-20854
Affected products: VMware Workstation
No detection rules found.
No public exploits indexed.
https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
https://lists.fedoraproject.org/archives/list/[email protected]/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/
https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
https://lists.fedoraproject.org/archives/list/[email protected]/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/
https://lists.fedoraproject.org/archives/list/[email protected]/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/
https://lists.fedoraproject.org/archives/list/[email protected]/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/
https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
https://security.paloaltonetworks.com/CVE-2023-0003
Published: 2023-02-08