Information disclosure in Palo Alto Networks Globalprotect App

CVE-2020-2004

Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this…

EPSS: 0.003 (21.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2020-2004?
CVE-2020-2004 is a medium-severity vulnerability in Palo Alto Networks Globalprotect App, classified under CWE-534. CVSS score: 6.8/10. Published 2020-05-13.
How severe is CVE-2020-2004?
Medium severity. CVSS v3 base score is 6.8 out of 10.