github - ghsa-386g-pgm8-cfcr

ghsa-386g-pgm8-cfcr

Vulnerability from github

Published

2022-05-12 00:01

Modified

2022-05-21 00:01

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-0027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-11T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.",
  "id": "GHSA-386g-pgm8-cfcr",
  "modified": "2022-05-21T00:01:06Z",
  "published": "2022-05-12T00:01:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0027"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-0027

Vulnerability from cvelistv5

Published

2022-05-11 16:30

Modified

2024-09-16 23:06

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

▼	URL	Tags
	https://security.paloaltonetworks.com/CVE-2022-0027	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Palo Alto Networks

Cortex XSOAR

Version: 6.1.*
Version: 6.2.*
Version: 6.5.*
Version: 6.6 < 6.6.0.2585049

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0027"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XSOAR",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "6.1.*"
            },
            {
              "status": "affected",
              "version": "6.2.*"
            },
            {
              "status": "affected",
              "version": "6.5.*"
            },
            {
              "changes": [
                {
                  "at": "6.6.0.2585049",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.6.0.2585049",
              "status": "affected",
              "version": "6.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-11T16:30:27",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0027"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-05-11T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
          "ID": "CVE-2022-0027",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XSOAR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.6",
                            "version_value": "6.6.0.2585049"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "6.1",
                            "version_value": "6.1.*"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "6.2",
                            "version_value": "6.2.*"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "6.5",
                            "version_value": "6.5.*"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.6",
                            "version_value": "6.6.0.2585049"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0027",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0027"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-11T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XSOAR 6.6",
          "Cortex XSOAR 6.5",
          "Cortex XSOAR 6.2",
          "Cortex XSOAR 6.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0027",
    "datePublished": "2022-05-11T16:30:27.103576Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-16T23:06:08.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted