Global Protect portal using vulnerable jQuery version

Created On 11/19/19 04:52 AM - Last Modified 10/05/20 20:53 PM


Symptom


Penetration testing performed on the Global Protect Portal reveals jQuery version 1.12.2. This version of the library is outdated, and several known XSS issues are related to it.

 



Environment


  • PAN-OS 7.1 and above.
  • Palo Alto Firewall.
  • Global Protect configured.


Cause


The GP Portal page uses an outdated jQuery library, global-protect/portal/js/jquery.min.js (version 1.12.2).

 


Resolution


Engineering has updated the jQuery library for the portal page to version 3.4.1 in PAN-OS 8.1.12 and 9.0.5.
Upgrade to one of these releases, or a higher PAN-OS release, to fix this issue.
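
To confirm the fix after an upgrade, the following added example (not Palo Alto Networks code) checks a firewall's PAN-OS version string against the fixed releases named above and classifies the jquery.min.js served by the portal from its banner comment. The function names and sample bodies are constructed for illustration, and it assumes that release trains after 9.0 carry the fix while trains before 8.1 do not.

```python
import re
import sys
import urllib.request

JQUERY_PATH = "/global-protect/portal/js/jquery.min.js"  # path from the article
FIXED_JQUERY = (3, 4, 1)                                 # version from the article
# First fixed maintenance release per PAN-OS train, from the article.
FIXED_PANOS = {(8, 1): 12, (9, 0): 5}

BANNER_RE = re.compile(r"/\*!\s*jQuery\s+v(\d+)\.(\d+)\.(\d+)")
PANOS_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def jquery_status(js_text):
    """Classify a jquery.min.js body by its leading banner comment."""
    m = BANNER_RE.search(js_text[:512])
    if not m:
        return "unknown"  # banner stripped or not jQuery: inspect by hand
    version = tuple(int(p) for p in m.groups())
    return "fixed" if version >= FIXED_JQUERY else "outdated"


def panos_has_fix(sw_version):
    """True if a PAN-OS version string is at or above a fixed release."""
    m = PANOS_RE.match(sw_version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {sw_version!r}")
    major, minor, maint = (int(p) for p in m.groups())
    train = (major, minor)
    if train in FIXED_PANOS:
        return maint >= FIXED_PANOS[train]
    # Assumption: trains after 9.0 carry the fix, earlier trains do not.
    return train > max(FIXED_PANOS)


def fetch_portal_jquery(host, timeout=10):
    """Download the start of the portal's jquery.min.js (banner is on line 1)."""
    with urllib.request.urlopen(f"https://{host}{JQUERY_PATH}", timeout=timeout) as r:
        return r.read(4096).decode("utf-8", "replace")


# Constructed sample bodies, trimmed to the banner plus a stub.
SAMPLE_OLD = "/*! jQuery v1.12.2 | (c) jQuery Foundation | jquery.org/license */\n!function(a,b){}"
SAMPLE_NEW = "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(e,t){}"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], jquery_status(fetch_portal_jquery(sys.argv[1])))
    else:
        for name, body in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
            print(name, jquery_status(body))
```

Run it with your own portal's hostname as the only argument to check the live file; a result of "unknown" means the banner was not found and the file should be inspected manually.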



 

