gsd-2021-3034
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3034",
"description": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.",
"id": "GSD-2021-3034"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3034"
],
"details": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.",
"id": "GSD-2021-3034",
"modified": "2023-12-13T01:23:35.086895Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-03-10T17:00:00.000Z",
"ID": "CVE-2021-3034",
"STATE": "PUBLIC",
"TITLE": "Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XSOAR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.5.0",
"version_value": "98622"
},
{
"version_affected": "\u003c",
"version_name": "6.0.2",
"version_value": "98623"
},
{
"version_affected": "\u003c",
"version_name": "6.0.1",
"version_value": "830029"
},
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "848144"
},
{
"version_affected": "!\u003e=",
"version_name": "5.5.0",
"version_value": "98622"
},
{
"version_affected": "!\u003e=",
"version_name": "6.0.2",
"version_value": "98623"
},
{
"version_affected": "!\u003e=",
"version_name": "6.0.1",
"version_value": "830029"
},
{
"version_affected": "!\u003e=",
"version_name": "6.1.0",
"version_value": "848144"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the \u0027Test\u0027 button was used at some point to test the integration during SAML SSO setup."
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3034",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3034"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.\n\nAfter you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets."
}
],
"source": {
"defect": [
"XSOAR-33287"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2021-03-10T17:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "eng",
"value": "You must configure a new private key for SAML SSO integration and you should not use the \u0027Test\u0027 button at any time during setup until after you complete the Cortex XSOAR upgrade.\n\nYou must clear all server system log files located in the \u0027/var/log/demisto/\u0027 directory. There may be several files in this directory, including the server.log file and other archived server logs.\n\nYou can clear all server system logs by stopping the server and running the \u0027rm /var/log/demisto/server*.log\u0027 command from the console."
}
],
"x_affectedList": [
"Cortex XSOAR 6.1.0",
"Cortex XSOAR 6.0.2",
"Cortex XSOAR 6.0.1",
"Cortex XSOAR 5.5.0"
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:70066:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:73387:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:75211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:78518:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:94592:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.1:81077:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:90947:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:93351:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:94597:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:97682:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2021-3034"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3034"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2
}
},
"lastModifiedDate": "2021-03-24T01:56Z",
"publishedDate": "2021-03-10T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.