Vulnerability Details : CVE-2023-0003
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
Vulnerability category: File inclusion
Products affected by CVE-2023-0003
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:176620:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:177754:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:130766:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0003
EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
Percentile: ~47% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-0003
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | Palo Alto Networks, Inc. | |
CWE ids for CVE-2023-0003
- The product allows user input to control or influence paths or file names that are used in filesystem operations. Assigned by: psirt@paloaltonetworks.com (Secondary)
- The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-0003
- https://security.paloaltonetworks.com/CVE-2023-0003
  CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server [Vendor Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
  [SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
  [SECURITY] Fedora 37 Update: nodejs18-18.18.2-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/
  [SECURITY] Fedora 38 Update: nodejs18-18.16.1-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/
  [SECURITY] Fedora 38 Update: nodejs16-16.20.1-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
  [SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/
  [SECURITY] Fedora 37 Update: nodejs16-16.20.1-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
  [SECURITY] Fedora 39 Update: nodejs18-18.18.2-1.fc39 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
  [SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
  [SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/
  [SECURITY] Fedora 37 Update: nodejs18-18.16.1-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]