github - ghsa-x58x-95ff-fvvp

ghsa-x58x-95ff-fvvp

Vulnerability from github

Published

2022-05-24 22:33

Modified

2022-05-24 22:33

Details

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the ‘/var/log/demisto/’ server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-10T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u2018/var/log/demisto/\u2019 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.",
  "id": "GHSA-x58x-95ff-fvvp",
  "modified": "2022-05-24T22:33:53Z",
  "published": "2022-05-24T22:33:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3034"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3034"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2021-3034

Vulnerability from cvelistv5

Published

2021-03-10 18:10

Modified

2024-09-16 16:38

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Summary

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

References

▼	URL	Tags
	https://security.paloaltonetworks.com/CVE-2021-3034	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Palo Alto Networks

Cortex XSOAR

Version: 5.5.0   < 98622
Version: 6.0.2   < 98623
Version: 6.0.1   < 830029
Version: 6.1.0   < 848144

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3034"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XSOAR",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "98622",
                  "status": "unaffected"
                }
              ],
              "lessThan": "98622",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "98623",
                  "status": "unaffected"
                }
              ],
              "lessThan": "98623",
              "status": "affected",
              "version": "6.0.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "830029",
                  "status": "unaffected"
                }
              ],
              "lessThan": "830029",
              "status": "affected",
              "version": "6.0.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "848144",
                  "status": "unaffected"
                }
              ],
              "lessThan": "848144",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the \u0027Test\u0027 button was used at some point to test the integration during SAML SSO setup."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue."
        }
      ],
      "datePublic": "2021-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Information Exposure Through Log Files",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-11T14:22:39",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3034"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.\n\nAfter you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets."
        }
      ],
      "source": {
        "defect": [
          "XSOAR-33287"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-03-10T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs",
      "workarounds": [
        {
          "lang": "en",
          "value": "You must configure a new private key for SAML SSO integration and you should not use the \u0027Test\u0027 button at any time during setup until after you complete the Cortex XSOAR upgrade.\n\nYou must clear all server system log files located in the \u0027/var/log/demisto/\u0027 directory. There may be several files in this directory, including the server.log file and other archived server logs.\n\nYou can clear all server system logs by stopping the server and running the \u0027rm /var/log/demisto/server*.log\u0027 command from the console."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-03-10T17:00:00.000Z",
          "ID": "CVE-2021-3034",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XSOAR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.5.0",
                            "version_value": "98622"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.0.2",
                            "version_value": "98623"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.0.1",
                            "version_value": "830029"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1.0",
                            "version_value": "848144"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.5.0",
                            "version_value": "98622"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.0.2",
                            "version_value": "98623"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.0.1",
                            "version_value": "830029"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1.0",
                            "version_value": "848144"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the \u0027Test\u0027 button was used at some point to test the integration during SAML SSO setup."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-532 Information Exposure Through Log Files"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3034",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3034"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.\n\nAfter you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets."
          }
        ],
        "source": {
          "defect": [
            "XSOAR-33287"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-03-10T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "You must configure a new private key for SAML SSO integration and you should not use the \u0027Test\u0027 button at any time during setup until after you complete the Cortex XSOAR upgrade.\n\nYou must clear all server system log files located in the \u0027/var/log/demisto/\u0027 directory. There may be several files in this directory, including the server.log file and other archived server logs.\n\nYou can clear all server system logs by stopping the server and running the \u0027rm /var/log/demisto/server*.log\u0027 command from the console."
          }
        ],
        "x_affectedList": [
          "Cortex XSOAR 6.1.0",
          "Cortex XSOAR 6.0.2",
          "Cortex XSOAR 6.0.1",
          "Cortex XSOAR 5.5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3034",
    "datePublished": "2021-03-10T18:10:13.665033Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-16T16:38:50.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted