Global Protect portal using vulnerable jQuery version
Created On 11/19/19 04:52 AM - Last Modified 10/05/20 20:53 PM
Penetration testing performed on the Global Protect Portal reveals JQuery version 1.12.2. This version of library is outdated and several known XSS issues are related to this library.
- PAN-OS 7.1 and above.
- Palo Alto Firewall.
- Global Protect configured.
GP Portal page uses outdated jQuery library global-protect/portal/js/jquery.min.js (version 1.12.2).
Engineering has updated the jQuery library for portal page to use version 3.4.1 in PAN-OS 8.1.12 and 9.0.5.
Upgrade to one of these releases or higher PAN-OS to fix this issue.