Palo Alto Networks Security Advisories / CVE-2024-5906

CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

Urgency MODERATE

047910
Severity 4.8 · MEDIUM
Response Effort MODERATE
Recovery AUTOMATIC
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction PASSIVE
Product Confidentiality LOW
Product Integrity LOW
Product Availability NONE
Privileges Required HIGH
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE

Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.

Product Status

VersionsAffectedUnaffected
Prisma Cloud Compute 32< 32.05 (O’Neal - Update 5)>= 32.05 (O’Neal - Update 5)

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-B: 4.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Solution

This issue is fixed in Prisma Cloud Compute 32.05 (O'Neal - Update 5) and all later versions.

Acknowledgments

Palo Alto Networks thanks Tomasz Stachowicz for discovering and reporting this issue.

Timeline

Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.