CVE-2021-3034 - Vulnerability Details

Vendors	Products
Paloaltonetworks	Cortex Xsoar

Source	ID	Title
EUVD	EUVD-2021-26386	An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Link	Providers
https://security.paloaltonetworks.com/CVE-2021-3034

{"containers": {"cna": {"affected": [{"product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "98622", "status": "unaffected"}], "lessThan": "98622", "status": "affected", "version": "5.5.0", "versionType": "custom"}, {"changes": [{"at": "98623", "status": "unaffected"}], "lessThan": "98623", "status": "affected", "version": "6.0.2", "versionType": "custom"}, {"changes": [{"at": "830029", "status": "unaffected"}], "lessThan": "830029", "status": "affected", "version": "6.0.1", "versionType": "custom"}, {"changes": [{"at": "848144", "status": "unaffected"}], "lessThan": "848144", "status": "affected", "version": "6.1.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the 'Test' button was used at some point to test the integration during SAML SSO setup."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue."}], "datePublic": "2021-03-10T00:00:00", "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-11T14:22:39", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.paloaltonetworks.com/CVE-2021-3034"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.\n\nAfter you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets."}], "source": {"defect": ["XSOAR-33287"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-03-10T00:00:00", "value": "Initial publication"}], "title": "Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs", "workarounds": [{"lang": "en", "value": "You must configure a new private key for SAML SSO integration and you should not use the 'Test' button at any time during setup until after you complete the Cortex XSOAR upgrade.\n\nYou must clear all server system log files located in the '/var/log/demisto/' directory. There may be several files in this directory, including the server.log file and other archived server logs.\n\nYou can clear all server system logs by stopping the server and running the 'rm /var/log/demisto/server*.log' command from the console."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-03-10T17:00:00.000Z", "ID": "CVE-2021-3034", "STATE": "PUBLIC", "TITLE": "Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XSOAR", "version": {"version_data": [{"version_affected": "<", "version_name": "5.5.0", "version_value": "98622"}, {"version_affected": "<", "version_name": "6.0.2", "version_value": "98623"}, {"version_affected": "<", "version_name": "6.0.1", "version_value": "830029"}, {"version_affected": "<", "version_name": "6.1.0", "version_value": "848144"}, {"version_affected": "!>=", "version_name": "5.5.0", "version_value": "98622"}, {"version_affected": "!>=", "version_name": "6.0.2", "version_value": "98623"}, {"version_affected": "!>=", "version_name": "6.0.1", "version_value": "830029"}, {"version_affected": "!>=", "version_name": "6.1.0", "version_value": "848144"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the 'Test' button was used at some point to test the integration during SAML SSO setup."}], "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3034", "refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2021-3034"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.\n\nAfter you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets."}], "source": {"defect": ["XSOAR-33287"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-03-10T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "You must configure a new private key for SAML SSO integration and you should not use the 'Test' button at any time during setup until after you complete the Cortex XSOAR upgrade.\n\nYou must clear all server system log files located in the '/var/log/demisto/' directory. There may be several files in this directory, including the server.log file and other archived server logs.\n\nYou can clear all server system logs by stopping the server and running the 'rm /var/log/demisto/server*.log' command from the console."}], "x_affectedList": ["Cortex XSOAR 6.1.0", "Cortex XSOAR 6.0.2", "Cortex XSOAR 6.0.1", "Cortex XSOAR 5.5.0"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:50.845Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2021-3034"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3034", "datePublished": "2021-03-10T18:10:13.665033Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-16T16:38:50.120Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "76B47510-C747-4A91-8120-CBD872DDE5F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:70066:*:*:*:*:*:*", "matchCriteriaId": "CCC73F19-BAEC-464E-813E-AABFB0FF1749", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:73387:*:*:*:*:*:*", "matchCriteriaId": "829FDD7F-9F92-4425-BA03-7A916C672A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:75211:*:*:*:*:*:*", "matchCriteriaId": "01F6E4B3-7264-4B6B-A2E0-EC0C6E454FE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:78518:*:*:*:*:*:*", "matchCriteriaId": "BFF634F2-427F-46AF-A203-3F8F91AEB039", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:94592:*:*:*:*:*:*", "matchCriteriaId": "C1B47446-7E43-44ED-A734-4C300ED6F6CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E09D6E6D-586A-4034-A5ED-6669EECE4715", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.1:81077:*:*:*:*:*:*", "matchCriteriaId": "4F60A667-2802-4EE5-879D-DEF385C8A252", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDAAC395-8A8B-4058-AEC8-450DA13E4D5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:90947:*:*:*:*:*:*", "matchCriteriaId": "5617A797-C295-4534-A8BD-DB7637FEDDA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:93351:*:*:*:*:*:*", "matchCriteriaId": "924A87A5-6809-4D3A-B660-4F3D3E930103", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:94597:*:*:*:*:*:*", "matchCriteriaId": "B046FAAA-2FC4-4F69-980B-878BA24D1ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:97682:*:*:*:*:*:*", "matchCriteriaId": "231DF541-0D13-42DD-9392-A269999DA50C", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "62F98F51-39E4-480D-8DB8-EE5AD36920FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."}, {"lang": "es", "value": "Se presenta una exposici\u00f3n de la informaci\u00f3n por medio de la vulnerabilidad del archivo de registro en el software Cortex XSOAR donde los secretos configurados para la integraci\u00f3n de inicio de sesi\u00f3n \u00fanico (SSO) SAML pueden ser registrados en los registros del servidor \"/var/log/demisto/\" al probar la integraci\u00f3n durante la instalaci\u00f3n. Esta informaci\u00f3n registrada incluye la clave privada y el certificado del proveedor de identidad utilizado para configurar la integraci\u00f3n SAML SSO. Este problema afecta a: Cortex XSOAR versiones 5.5.0 builds anteriores a 98622; Cortex XSOAR versiones 6.0.1 builds anteriores a 830029; Cortex XSOAR versiones 6.0.2 builds anteriores a 98623; Cortex XSOAR versiones 6.1.0 builds anteriores a 848144"}], "id": "CVE-2021-3034", "lastModified": "2024-11-21T06:20:48.203", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.2, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2021-03-10T18:15:13.297", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3034"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object