CVE-2019-1583

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Twistlock versions 19.07.358 and earlier

Description The issue is related to insufficient access control in the Palo Alto Networks Twistlock complex for cloud services and platform protection. It allows a remote attacker to escalate privileges. Active interaction with an affected component is required for the payload to execute on the victim. A Twistlock user with Operator capabilities can escalate privileges to those of another user.

Recommendations For versions 19.07.358 and earlier, consider restricting access to the Twistlock console to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.