Information disclosure in Palo Alto Networks Globalprotect App
CVE-2020-2004
Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this…
EPSS: 0.003 (21.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L.
Affected products
- Palo Alto Networks Globalprotect App — versions 5.0, 5.1, 5.0.9
- Paloaltonetworks Globalprotect
Weakness classification (CWE)
References
- psirt@paloaltonetworks.com (x_refsource_MISC, Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-2004?
- CVE-2020-2004 is a medium-severity vulnerability in Palo Alto Networks Globalprotect App, classified under CWE-534. CVSS score: 6.8/10. Published 2020-05-13.
- How severe is CVE-2020-2004?
- Medium severity. CVSS v3 base score is 6.8 out of 10.