CVE-2020-2004 GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs

🗓️ 13 May 2020 19:07:14Reported by palo_altoType

GlobalProtect App may log passwords in cleartext while collecting troubleshooting log

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the GlobalProtect for Windows and GlobalProtect for MacOS software lies in the ability to disclose information through event log files, allowing attackers to compromise the confidentiality and integrity of the protected information.	12 Aug 202000:00	–	bdu_fstec
CNVD	Palo Alto Networks GlobalProtect Log Message Disclosure Vulnerability	14 May 202000:00	–	cnvd
CVE	CVE-2020-2004	13 May 202019:07	–	cve
EUVD	EUVD-2020-22032	7 Oct 202500:30	–	euvd
NVD	CVE-2020-2004	13 May 202019:15	–	nvd
OSV	CVE-2020-2004	13 May 202019:15	–	osv
Palo Alto Networks	GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs	13 May 202016:00	–	paloalto
Prion	Design/Logic Flaw	13 May 202019:15	–	prion

[
  {
    "platforms": [
      "Windows and MacOS"
    ],
    "product": "GlobalProtect App",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "lessThan": "5.0.9",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.1.2",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "GlobalProtect App",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "lessThan": "5.0*",
        "status": "unaffected",
        "version": "5.0.9",
        "versionType": "custom"
      },
      {
        "lessThan": "5.1*",
        "status": "unaffected",
        "version": "5.1.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.paloaltonetworks.com/CVE-2020-2004

13 May 2020 19:07Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.8

EPSS0.00058

CWE-534