{"uuid": "149f843c-ad50-451d-b036-f6a03ce704c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3034", "type": "seen", "source": "https://t.me/cibsecurity/24711", "content": "\u203c CVE-2021-3034 \u203c\n\nAn information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u2018/var/log/demisto/\u2019 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-10T20:53:10.000000Z"}