CVE-2021-3039

Published on: 06/10/2021 12:00:00 AM UTC

Last Modified on: 06/10/2021 04:28:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Certain versions of Prisma Cloud Compute from Palo Alto Networks contain the following vulnerability:

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.

  • CVE-2021-3039 has been assigned by [email protected] to track the vulnerability
  • Palo Alto Networks is not aware of any malicious exploitation of this issue.
  • Affected Vendor/Software: Palo Alto Networks - Prisma Cloud Compute version < 21.04.412
  • Affected Vendor/Software: Palo Alto Networks - Prisma Cloud Compute version !>= 21.04.412

Vulnerability Patch/Work Around

  • Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version.

CVE References

| Description | Tags | Link |
|---|---|---|
| CVE-2021-3039 Prisma Cloud Compute: User role authorization secret for Console leaked through log file export (security.paloaltonetworks.com, text/html) | MISC | security.paloaltonetworks.com/CVE-2021-3039 |

Known Affected Software

| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Prisma_Cloud_Compute | < 21.04.412 |
| Palo Alto Networks | Prisma_Cloud_Compute | !>= 21.04.412 |

Discovery Credit

Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue.
