CVE-2019-1583

Published: Aug 23, 2019Modified: Nov 21, 2024

8.0

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim.

Affected (1)

Products: Paloaltonetworks: Twistlock

Paloaltonetworks

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Twistlock	Up to 19.07.357

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://security.paloaltonetworks.com/CVE-2019-1583

Source: psirt@paloaltonetworks.com

https://security.paloaltonetworks.com/CVE-2019-1583

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.