CVE-2023-0003

{"id": "CVE-2023-0003", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-02-08T18:15:11.777", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://security.paloaltonetworks.com/CVE-2023-0003", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-610"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.\n"}], "lastModified": "2024-02-16T17:04:22.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6892445-38A0-4217-A16F-C7AFC288130A", "versionEndExcluding": "6.10.0.185964", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8EB5D56-A088-4C98-A840-C434BDB4BDF7"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38AE91D5-806F-47AD-84C6-96EA1E147691"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "976AE69C-D4D6-4B5A-90F4-6627E9A10A09"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F61D6A0A-D99D-47BD-AFC5-6CEDF578A77E"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:176620:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD4249C9-788E-4C74-9532-DEDA9F6FD68F"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62A10DA6-5BDC-49EC-B485-404E9EB6CF89"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:130766:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A70F572-F44E-420D-8518-20D3794A7C7D"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:177754:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99372C6B-2306-44E3-AA01-6B82630BB2A0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}