Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
CVE-2021-3034

5.1MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xsoar
Vendor: CVE Published:; 10 March 2021

Badges

👾 Exploit Exists

Summary

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Affected Version(s)

Cortex XSOAR 5.5.0 < 98622

Cortex XSOAR 6.0.2 < 98623

Cortex XSOAR 6.0.1 < 830029

References

https://security.paloaltonetworks.com/CVE-2021-3034

x_refsource_CONFIRM

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Mar 10, 2021
Vulnerability Reserved
Jan 6, 2021

Credit

Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue.