Palo Alto Networks Security Advisories / CVE-2023-3281

CVE-2023-3281 Cortex XSOAR: Cleartext Exposure of Client Certificate Key in Kafka v3 Integration

Severity 4.3 · MEDIUM
Attack Vector NETWORK
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE


A problem with the Cortex XSOAR Kafka v3 integration can result in the cleartext exposure of the configured Kafka client certificate key.

Product Status

Cortex XSOAR Kafka Integration v3< 2.0.16>= 2.0.16

Severity: MEDIUM

CVSSv3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-312 Cleartext Storage of Sensitive Information


This issue is fixed in the Cortex XSOAR Kafka v3 integration in version 2.0.16 and all later versions of the integration.

A new Kafka client certificate key should be used by the Kafka v3 integration after you upgrade it to a fixed version. You should also revoke the existing Kafka client certificate key to prevent the misuse of a previously exposed secret key.


Palo Alto Networks thanks Marcel Maeder of Swisscom (Schweiz) AG for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.