Insertion of Sensitive Information into Externally-Accessible File or Directory

CVE-2022-0013

Medium

5/10

Summary

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

References

Advisory Timeline

Published Jan 12, 2022

Insertion of Sensitive Information into Externally-Accessible File or Directory

CVE-2022-0013

Summary

CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS