Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
CVE-2021-3034

5.1MEDIUM

Key Information:

Vendor

Palo Alto Networks
Status
Cortex Xsoar
Vendor
CVE Published:
10 March 2021

Badges

👾 Exploit Exists

What is CVE-2021-3034?

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Affected Version(s)

Cortex XSOAR 5.5.0 < 98622

Cortex XSOAR 6.0.2 < 98623

Cortex XSOAR 6.0.1 < 830029

References

https://security.paloaltonetworks.com/CVE-2021-3034
x_refsource_CONFIRM

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue.
.
CVE-2021-3034 : Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs