CVE-2021-3039 (GCVE-0-2021-3039)
Vulnerability from cvelistv5
Published
2021-06-10 12:33
Modified
2024-09-17 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Information Exposure Through Log Files
Summary
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.
References
| URL | Tags | ||
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Version: 20.04 < 21.04.412 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "21.04.412",
"status": "unaffected"
}
],
"lessThan": "21.04.412",
"status": "affected",
"version": "20.04",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."
}
],
"datePublic": "2021-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T12:33:06",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."
}
],
"source": {
"defect": [
"TL-28359"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-09T00:00:00",
"value": "Initial publication"
}
],
"title": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export",
"workarounds": [
{
"lang": "en",
"value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-06-09T16:00:00.000Z",
"ID": "CVE-2021-3039",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04",
"version_value": "21.04.412"
},
{
"version_affected": "!\u003e=",
"version_name": "20.04",
"version_value": "21.04.412"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3039",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."
}
],
"source": {
"defect": [
"TL-28359"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-09T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."
}
],
"x_affectedList": [
"Prisma Cloud Compute 20.04"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3039",
"datePublished": "2021-06-10T12:33:06.234748Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:50:54.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3039\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2021-06-10T13:15:08.267\",\"lastModified\":\"2024-11-21T06:20:49.050\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n mediante un archivo de registro en la consola de computaci\u00f3n en Palo Alto Networks Prisma Cloud, donde un secreto utilizado para autorizar el rol del usuario autenticado se registra en un archivo de registro de depuraci\u00f3n. Los usuarios autenticados con el rol de Operador y Auditor con acceso a los archivos de registro de depuraci\u00f3n pueden usar este secreto para conseguir acceso al rol de Administrador para su sesi\u00f3n activa en Prisma Cloud Compute. Las versiones de Prisma Cloud Compute SaaS se actualizaron autom\u00e1ticamente a la versi\u00f3n corregida. Este problema afecta a todas las versiones de Prisma Cloud Compute anteriores a Prisma Cloud Compute 21.04.412\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*\",\"versionEndExcluding\":\"21.04.412\",\"matchCriteriaId\":\"DF25111A-E58B-4A26-B758-ABB340D9A0E0\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3039\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…