An information exposure vulnerability in the logging component of Palo Alto Networks GlobalProtect App allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump".
This issue affects Palo Alto Networks GlobalProtect App 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
Versions | Affected | Unaffected |
---|---|---|
GlobalProtect App 5.1 | < 5.1.1 | >= 5.1.1 |
GlobalProtect App 5.0 | < 5.0.9 | >= 5.0.9 |
CVSSv3.1 Base Score: 2.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
CWE-215 Information Exposure Through Debug Information
This issue is fixed in GlobalProtect App 5.0.9, GlobalProtect App 5.1.1 and all later versions.