CVE Vulnerabilities

CVE-2023-0003

Externally Controlled Reference to a Resource in Another Sphere

Published: Feb 08, 2023 | Modified: Nov 03, 2023
CVSS 3.x: 6.5 MEDIUM (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

Weakness

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Affected Software

Name Vendor Start Version End Version
Cortex_xsoar Paloaltonetworks 6.8.0 6.8.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.8.0 6.8.0
Cortex_xsoar Paloaltonetworks 6.10.0 *
Cortex_xsoar Paloaltonetworks 6.9.0 6.9.0
Cortex_xsoar Paloaltonetworks 6.9.0 6.9.0

References