CVE-2023-0003

Published Feb 8, 2023

Last updated 9 months ago

Overview

Description: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-610
psirt@paloaltonetworks.com: CWE-73

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6892445-38A0-4217-A16F-C7AFC288130A",
            "versionEndExcluding": "6.10.0.185964",
            "versionStartIncluding": "6.10.0"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8EB5D56-A088-4C98-A840-C434BDB4BDF7"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38AE91D5-806F-47AD-84C6-96EA1E147691"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "976AE69C-D4D6-4B5A-90F4-6627E9A10A09"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F61D6A0A-D99D-47BD-AFC5-6CEDF578A77E"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:176620:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD4249C9-788E-4C74-9532-DEDA9F6FD68F"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62A10DA6-5BDC-49EC-B485-404E9EB6CF89"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:130766:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A70F572-F44E-420D-8518-20D3794A7C7D"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:177754:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99372C6B-2306-44E3-AA01-6B82630BB2A0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References