Palo Alto Networks Prisma Cloud Compute Edition Insufficient Session Expiration Vulnerability
Vulnerability
A vulnerability exists in the web interface of Palo Alto Networks Prisma Cloud Compute Edition versions prior to 34.00.141, where web sessions do not expire when users are deleted. This flaw can lead to unauthorized access, as sessions may remain active even after a user's account has been removed. In contrast, the Compute component of Prisma Cloud Enterprise Edition is not affected by this issue.
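The flaw class described above, sketched as an added example (not Palo Alto Networks code and not taken from the advisory): a toy in-memory session store where `check_account=False` reproduces sessions outliving a deleted account, and `check_account=True` revokes them on deletion and re-checks the account on every request. All class, function and account names are hypothetical.

```python
import secrets
import time

SESSION_TTL = 3600  # seconds; constructed value for this example

class SessionStore:
    """Toy in-memory session store; every name here is hypothetical."""

    def __init__(self, check_account):
        self.check_account = check_account  # False reproduces the flaw
        self.users = set()
        self.sessions = {}  # token -> (username, expiry timestamp)

    def login(self, name, now=None):
        if name not in self.users:
            raise PermissionError("unknown user")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, now + SESSION_TTL)
        return token

    def delete_user(self, name):
        self.users.discard(name)
        if self.check_account:
            # Hardened: revoke every session owned by the deleted account.
            self.sessions = {t: s for t, s in self.sessions.items()
                             if s[0] != name}

    def authenticate(self, token, now=None):
        """Return the username for a valid session, else None."""
        now = time.time() if now is None else now
        name, expiry = self.sessions.get(token, (None, 0.0))
        if name is None or now >= expiry:
            self.sessions.pop(token, None)  # unknown or timed-out session
            return None
        # Hardened: confirm the account still exists on every request, which
        # also covers sessions that a revocation pass might have missed.
        if self.check_account and name not in self.users:
            del self.sessions[token]
            return None
        return name

def session_survives_deletion(check_account):
    """True if a session token still authenticates after its user is deleted."""
    store = SessionStore(check_account)
    store.users.add("alice")  # constructed sample account
    token = store.login("alice")
    store.delete_user("alice")
    return store.authenticate(token) == "alice"
```
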
Impact
Exploitation of this vulnerability could result in unauthorized access to the web interface of Prisma Cloud Compute Edition, allowing an attacker to potentially interact with the application under the guise of a deleted user.
Remediation
Users can upgrade to Prisma Cloud Compute Edition version 34.00.141 or later to address this vulnerability. Instructions for updating can be found in the Prisma Cloud documentation.
