Prisma Cloud Defenders

Tl;dr - unfixed information disclosure in Prisma Cloud defenders This post is about how to abuse a agent of a cloud security solution to get information which you should not know, like what security controls are applied, what assets the victim owns and the owners of the assets. Introduction A few months ago I was examining the Prisma Cloud configuration of my workplace and accidentally discovered an information disclosure issue of Prisma Cloud defender (the agent). This issue has been reported to Palo Alto as security disclosure, however Palo Alto declared that this is an expected behavior. ...

July 20, 2022 · updated August 3, 2022 · 2 min ·  security