CVE-2023-0003

MEDIUM

Palo Alto Networks Cortex XSOAR - Info Disclosure

Title source: llm

Description

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

References (11)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2023-0003

Scores

CVSS v3 6.5

EPSS 0.0105

EPSS Percentile 77.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-610 CWE-73

Status published

Products (7)

fedoraproject/fedora 37

fedoraproject/fedora 38

fedoraproject/fedora 39

paloaltonetworks/cortex_xsoar 6.6.0 2585049 (4 CPE variants)

paloaltonetworks/cortex_xsoar 6.8.0 176620 (2 CPE variants)

paloaltonetworks/cortex_xsoar 6.9.0 130766 (2 CPE variants)

paloaltonetworks/cortex_xsoar 6.10.0 - 6.10.0.185964

Published Feb 08, 2023

Tracked Since Feb 18, 2026