Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server

CVE-2023-0003

6.5MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Cortex Xsoar
Vendor: CVE Published:; 8 February 2023

Summary

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

Affected Version(s)

Cortex XSOAR >= 8.1 All

Cortex XSOAR < 6.10.0.185964

Cortex XSOAR < 6.9.B185415

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Initial publication
Feb 8, 2023
Vulnerability published.
Feb 8, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Eric Turpin for discovering and reporting this issue.