CVE-2021-3039

Prisma Cloud Compute: User role authorization secret for Console leaked through log file export

Description

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.

Remediation

Solution:

  • This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions.

Workaround:

  • Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version.

CVSS: 3.8
Severity: Low
EPSS: 0.18%
Vendor Advisory: paloaltonetworks.com
Affected: Palo Alto Networks Prisma Cloud Compute

Frequently Asked Questions

What is the severity of CVE-2021-3039?
CVE-2021-3039 has been scored as a low severity vulnerability.
How to fix CVE-2021-3039?
To fix CVE-2021-3039, upgrade to Prisma Cloud Compute 21.04.412 or any later version, where this issue is fixed.
Is CVE-2021-3039 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2021-3039 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-3039?
CVE-2021-3039 affects Palo Alto Networks Prisma Cloud Compute.