
CVE-2021-3039

Prisma Cloud Compute: User role authorization secret for Console leaked through log file export

Severity Score: 3.8 (CVSS v3.1)

Exploit Likelihood: - (EPSS)

Affected Versions: see CPE list below

Public Exploits: 0 (multiple sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.


*Credits: Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue.
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

CVSS v2.0
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-01-06 CVE Reserved
  • 2021-06-10 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor             Product       Version      Other    Status
Paloaltonetworks   Prisma Cloud  < 21.04.412  compute  Affected