Palo Alto Networks Security Advisories / CVE-2023-3281

CVE-2023-3281 Cortex XSOAR: Cleartext Exposure of Client Certificate Key in Kafka v3 Integration

Severity: 4.3 · MEDIUM
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

Description

A problem with the Cortex XSOAR Kafka v3 integration can result in the cleartext exposure of the configured Kafka client certificate key.

Product Status

Versions | Affected | Unaffected
Cortex XSOAR Kafka Integration v3 | < 2.0.16 | >= 2.0.16

Severity: MEDIUM

CVSSv3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-312 Cleartext Storage of Sensitive Information

Solution

This issue is fixed in the Cortex XSOAR Kafka v3 integration in version 2.0.16 and all later versions of the integration.

A new Kafka client certificate key should be used by the Kafka v3 integration after you upgrade it to a fixed version. You should also revoke the existing Kafka client certificate key to prevent the misuse of a previously exposed secret key.
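
An added example, not part of the advisory and not Palo Alto Networks code: a Python check that finds PEM private-key blocks in text you choose to scan and reports, by fingerprint only, whether the key being revoked appears there in cleartext. The advisory does not say where the key is exposed, so the scanned text, the sample log line, the placeholder key bodies and all function names are constructed assumptions.

```python
import hashlib
import re

# PEM private-key blocks: PKCS#8, PKCS#1 (RSA), SEC1 (EC), encrypted PKCS#8.
PEM_KEY = re.compile(
    r"-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY)-----(.*?)-----END \1-----",
    re.DOTALL,
)

def fingerprint(body):
    """SHA-256 over the key body with whitespace and escaped newlines removed."""
    normalised = re.sub(r"\\[rn]|\s", "", body)
    return hashlib.sha256(normalised.encode()).hexdigest()

def find_private_keys(text):
    """Report each PEM private-key block in text without returning key material."""
    findings = []
    for m in PEM_KEY.finditer(text):
        label, body = m.group(1), m.group(2)
        # Encrypted PKCS#8 label, or the legacy OpenSSL encrypted-PEM header.
        encrypted = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "type": label,
            "cleartext": not encrypted,
            "sha256": fingerprint(body),
        })
    return findings

def exposures_of(known_key_pem, text):
    """Cleartext findings whose fingerprint matches the key being revoked."""
    known = {f["sha256"] for f in find_private_keys(known_key_pem)}
    return [f for f in find_private_keys(text) if f["cleartext"] and f["sha256"] in known]

# Constructed sample: placeholder bodies, not real keys; not an XSOAR log format.
OLD_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQt\nU0FNUExFLUtFWQ==\n-----END PRIVATE KEY-----\n"
SAMPLE = (
    "INFO integration started\n"
    'DEBUG config dump: key="-----BEGIN PRIVATE KEY-----\\n'
    'Q09OU1RSVUNURUQt\\nU0FNUExFLUtFWQ==\\n-----END PRIVATE KEY-----"\n'
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nRU5DUllQVEVELVNBTVBMRQ==\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for f in find_private_keys(SAMPLE):
        print(f)
    print("old key exposed at lines:", [f["line"] for f in exposures_of(OLD_KEY, SAMPLE)])
```

A match from `exposures_of` means the old key was readable in the scanned text, so revocation of that key should not be skipped after the upgrade to 2.0.16 or later.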

Acknowledgments

Palo Alto Networks thanks Marcel Maeder of Swisscom (Schweiz) AG for discovering and reporting this issue.

Timeline

Initial publication