CVE-2021-3039 - OpenCVE

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Prisma Cloud

Configuration 1 [-]

cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2021-3039	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2021-06-09T00:00:00

Updated: 2021-06-10T12:33:06

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-3039

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-10T13:15:08.267

Modified: 2021-06-25T01:36:35.347

Link: CVE-2021-3039

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "Prisma Cloud Compute", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "21.04.412", "status": "unaffected"}], "lessThan": "21.04.412", "status": "affected", "version": "20.04", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."}], "datePublic": "2021-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-10T12:33:06", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."}], "source": {"defect": ["TL-28359"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-09T00:00:00", "value": "Initial publication"}], "title": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export", "workarounds": [{"lang": "en", "value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-06-09T16:00:00.000Z", "ID": "CVE-2021-3039", "STATE": "PUBLIC", "TITLE": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Prisma Cloud Compute", "version": {"version_data": [{"version_affected": "<", "version_name": "20.04", "version_value": "21.04.412"}, {"version_affected": "!>=", "version_name": "20.04", "version_value": "21.04.412"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3039", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."}], "source": {"defect": ["TL-28359"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-09T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."}], "x_affectedList": ["Prisma Cloud Compute 20.04"]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3039", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-06-10T12:33:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*", "matchCriteriaId": "DF25111A-E58B-4A26-B758-ABB340D9A0E0", "versionEndExcluding": "21.04.412", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n mediante un archivo de registro en la consola de computaci\u00f3n en Palo Alto Networks Prisma Cloud, donde un secreto utilizado para autorizar el rol del usuario autenticado se registra en un archivo de registro de depuraci\u00f3n. Los usuarios autenticados con el rol de Operador y Auditor con acceso a los archivos de registro de depuraci\u00f3n pueden usar este secreto para conseguir acceso al rol de Administrador para su sesi\u00f3n activa en Prisma Cloud Compute. Las versiones de Prisma Cloud Compute SaaS se actualizaron autom\u00e1ticamente a la versi\u00f3n corregida. Este problema afecta a todas las versiones de Prisma Cloud Compute anteriores a Prisma Cloud Compute 21.04.412"}], "id": "CVE-2021-3039", "lastModified": "2021-06-25T01:36:35.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "psirt@paloaltonetworks.com", "type": "Primary"}]}, "published": "2021-06-10T13:15:08.267", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}