CVE-2021-3039 - Vulnerability Details - OpenCVE

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0018.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Prisma Cloud

Configuration 1 [-]

cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*

No data.

No data.

Fixes

Solution

This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions.

Workaround

Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2021-3039

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2021-06-10T12:33:06.234748Z

Updated: 2024-09-17T01:50:54.050Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-3039

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-10T13:15:08.267

Modified: 2024-11-21T06:20:49.050

Link: CVE-2021-3039

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Prisma Cloud Compute", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "21.04.412", "status": "unaffected"}], "lessThan": "21.04.412", "status": "affected", "version": "20.04", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."}], "datePublic": "2021-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-10T12:33:06", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."}], "source": {"defect": ["TL-28359"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-09T00:00:00", "value": "Initial publication"}], "title": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export", "workarounds": [{"lang": "en", "value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-06-09T16:00:00.000Z", "ID": "CVE-2021-3039", "STATE": "PUBLIC", "TITLE": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Prisma Cloud Compute", "version": {"version_data": [{"version_affected": "<", "version_name": "20.04", "version_value": "21.04.412"}, {"version_affected": "!>=", "version_name": "20.04", "version_value": "21.04.412"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3039", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."}], "source": {"defect": ["TL-28359"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-09T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."}], "x_affectedList": ["Prisma Cloud Compute 20.04"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:51.031Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3039", "datePublished": "2021-06-10T12:33:06.234748Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-17T01:50:54.050Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*", "matchCriteriaId": "DF25111A-E58B-4A26-B758-ABB340D9A0E0", "versionEndExcluding": "21.04.412", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n mediante un archivo de registro en la consola de computaci\u00f3n en Palo Alto Networks Prisma Cloud, donde un secreto utilizado para autorizar el rol del usuario autenticado se registra en un archivo de registro de depuraci\u00f3n. Los usuarios autenticados con el rol de Operador y Auditor con acceso a los archivos de registro de depuraci\u00f3n pueden usar este secreto para conseguir acceso al rol de Administrador para su sesi\u00f3n activa en Prisma Cloud Compute. Las versiones de Prisma Cloud Compute SaaS se actualizaron autom\u00e1ticamente a la versi\u00f3n corregida. Este problema afecta a todas las versiones de Prisma Cloud Compute anteriores a Prisma Cloud Compute 21.04.412"}], "id": "CVE-2021-3039", "lastModified": "2024-11-21T06:20:49.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2021-06-10T13:15:08.267", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3039"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}