Vulnerabilities > CVE-2021-3040 - Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

paloaltonetworks

CWE-502

NVD

Published: 2021-06-10

Updated: 2021-06-21

Summary

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted.

Vulnerable Configurations

Part	Description	Count
Application	Paloaltonetworks Paloaltonetworks Bridgecrew Checkov 2.0.0 Paloaltonetworks Bridgecrew Checkov 2.0.1 Paloaltonetworks Bridgecrew Checkov 2.0.2 Paloaltonetworks Bridgecrew Checkov 2.0.3 Paloaltonetworks Bridgecrew Checkov 2.0.4 Paloaltonetworks Bridgecrew Checkov 2.0.5 Paloaltonetworks Bridgecrew Checkov 2.0.6 Paloaltonetworks Bridgecrew Checkov 2.0.7 Paloaltonetworks Bridgecrew Checkov 2.0.8 Paloaltonetworks Bridgecrew Checkov 2.0.9 Paloaltonetworks Bridgecrew Checkov 2.0.10 Paloaltonetworks Bridgecrew Checkov 2.0.11 Paloaltonetworks Bridgecrew Checkov 2.0.12 Paloaltonetworks Bridgecrew Checkov 2.0.13 Paloaltonetworks Bridgecrew Checkov 2.0.14 Paloaltonetworks Bridgecrew Checkov 2.0.15 Paloaltonetworks Bridgecrew Checkov 2.0.16 Paloaltonetworks Bridgecrew Checkov 2.0.17 Paloaltonetworks Bridgecrew Checkov 2.0.18 Paloaltonetworks Bridgecrew Checkov 2.0.19 Paloaltonetworks Bridgecrew Checkov 2.0.20 Paloaltonetworks Bridgecrew Checkov 2.0.21 Paloaltonetworks Bridgecrew Checkov 2.0.22 Paloaltonetworks Bridgecrew Checkov 2.0.23 Paloaltonetworks Bridgecrew Checkov 2.0.24 Paloaltonetworks Bridgecrew Checkov 2.0.25 Paloaltonetworks Bridgecrew Checkov 2.0.26 Paloaltonetworks Bridgecrew Checkov 2.0.27 Paloaltonetworks Bridgecrew Checkov 2.0.28 Paloaltonetworks Bridgecrew Checkov 2.0.29 Paloaltonetworks Bridgecrew Checkov 2.0.30 Paloaltonetworks Bridgecrew Checkov 2.0.31 Paloaltonetworks Bridgecrew Checkov 2.0.32 Paloaltonetworks Bridgecrew Checkov 2.0.33 Paloaltonetworks Bridgecrew Checkov 2.0.34 Paloaltonetworks Bridgecrew Checkov 2.0.35 Paloaltonetworks Bridgecrew Checkov 2.0.36 Paloaltonetworks Bridgecrew Checkov 2.0.37 Paloaltonetworks Bridgecrew Checkov 2.0.38 Paloaltonetworks Bridgecrew Checkov 2.0.39 Paloaltonetworks Bridgecrew Checkov 2.0.40 Paloaltonetworks Bridgecrew Checkov 2.0.41 Paloaltonetworks Bridgecrew Checkov 2.0.42 Paloaltonetworks Bridgecrew Checkov 2.0.43 Paloaltonetworks Bridgecrew Checkov 2.0.44 Paloaltonetworks Bridgecrew Checkov 2.0.45 Paloaltonetworks Bridgecrew Checkov 2.0.46 Paloaltonetworks Bridgecrew Checkov 2.0.47 Paloaltonetworks Bridgecrew Checkov 2.0.48 Paloaltonetworks Bridgecrew Checkov 2.0.49 Paloaltonetworks Bridgecrew Checkov 2.0.50 Paloaltonetworks Bridgecrew Checkov 2.0.51 Paloaltonetworks Bridgecrew Checkov 2.0.52 Paloaltonetworks Bridgecrew Checkov 2.0.53 Paloaltonetworks Bridgecrew Checkov 2.0.54 Paloaltonetworks Bridgecrew Checkov 2.0.55 Paloaltonetworks Bridgecrew Checkov 2.0.56 Paloaltonetworks Bridgecrew Checkov 2.0.57 Paloaltonetworks Bridgecrew Checkov 2.0.58 Paloaltonetworks Bridgecrew Checkov 2.0.59 Paloaltonetworks Bridgecrew Checkov 2.0.60 Paloaltonetworks Bridgecrew Checkov 2.0.61 Paloaltonetworks Bridgecrew Checkov 2.0.62 Paloaltonetworks Bridgecrew Checkov 2.0.63 Paloaltonetworks Bridgecrew Checkov 2.0.64 Paloaltonetworks Bridgecrew Checkov 2.0.65 Paloaltonetworks Bridgecrew Checkov 2.0.66 Paloaltonetworks Bridgecrew Checkov 2.0.67 Paloaltonetworks Bridgecrew Checkov 2.0.68 Paloaltonetworks Bridgecrew Checkov 2.0.69 Paloaltonetworks Bridgecrew Checkov 2.0.70 Paloaltonetworks Bridgecrew Checkov 2.0.71 Paloaltonetworks Bridgecrew Checkov 2.0.72 Paloaltonetworks Bridgecrew Checkov 2.0.73 Paloaltonetworks Bridgecrew Checkov 2.0.74 Paloaltonetworks Bridgecrew Checkov 2.0.75 Paloaltonetworks Bridgecrew Checkov 2.0.76 Paloaltonetworks Bridgecrew Checkov 2.0.77 Paloaltonetworks Bridgecrew Checkov 2.0.78 Paloaltonetworks Bridgecrew Checkov 2.0.79 Paloaltonetworks Bridgecrew Checkov 2.0.80 Paloaltonetworks Bridgecrew Checkov 2.0.81 Paloaltonetworks Bridgecrew Checkov 2.0.82 Paloaltonetworks Bridgecrew Checkov 2.0.83 Paloaltonetworks Bridgecrew Checkov 2.0.84 Paloaltonetworks Bridgecrew Checkov 2.0.85 Paloaltonetworks Bridgecrew Checkov 2.0.86 Paloaltonetworks Bridgecrew Checkov 2.0.87 Paloaltonetworks Bridgecrew Checkov 2.0.88 Paloaltonetworks Bridgecrew Checkov 2.0.89 Paloaltonetworks Bridgecrew Checkov 2.0.90 Paloaltonetworks Bridgecrew Checkov 2.0.91 Paloaltonetworks Bridgecrew Checkov 2.0.92 Paloaltonetworks Bridgecrew Checkov 2.0.93 Paloaltonetworks Bridgecrew Checkov 2.0.94 Paloaltonetworks Bridgecrew Checkov 2.0.95 Paloaltonetworks Bridgecrew Checkov 2.0.96 Paloaltonetworks Bridgecrew Checkov 2.0.97 Paloaltonetworks Bridgecrew Checkov 2.0.98 Paloaltonetworks Bridgecrew Checkov 2.0.99 Paloaltonetworks Bridgecrew Checkov 2.0.100 Paloaltonetworks Bridgecrew Checkov 2.0.101 Paloaltonetworks Bridgecrew Checkov 2.0.102 Paloaltonetworks Bridgecrew Checkov 2.0.103 Paloaltonetworks Bridgecrew Checkov 2.0.104 Paloaltonetworks Bridgecrew Checkov 2.0.105 Paloaltonetworks Bridgecrew Checkov 2.0.106 Paloaltonetworks Bridgecrew Checkov 2.0.107 Paloaltonetworks Bridgecrew Checkov 2.0.108 Paloaltonetworks Bridgecrew Checkov 2.0.109 Paloaltonetworks Bridgecrew Checkov 2.0.110 Paloaltonetworks Bridgecrew Checkov 2.0.111 Paloaltonetworks Bridgecrew Checkov 2.0.112 Paloaltonetworks Bridgecrew Checkov 2.0.113 Paloaltonetworks Bridgecrew Checkov 2.0.114 Paloaltonetworks Bridgecrew Checkov 2.0.115 Paloaltonetworks Bridgecrew Checkov 2.0.116 Paloaltonetworks Bridgecrew Checkov 2.0.117 Paloaltonetworks Bridgecrew Checkov 2.0.118 Paloaltonetworks Bridgecrew Checkov 2.0.119 Paloaltonetworks Bridgecrew Checkov 2.0.120 Paloaltonetworks Bridgecrew Checkov 2.0.121 Paloaltonetworks Bridgecrew Checkov 2.0.122 Paloaltonetworks Bridgecrew Checkov 2.0.123 Paloaltonetworks Bridgecrew Checkov 2.0.124 Paloaltonetworks Bridgecrew Checkov 2.0.125 Paloaltonetworks Bridgecrew Checkov 2.0.126 Paloaltonetworks Bridgecrew Checkov 2.0.127 Paloaltonetworks Bridgecrew Checkov 2.0.128 Paloaltonetworks Bridgecrew Checkov 2.0.129 Paloaltonetworks Bridgecrew Checkov 2.0.130 Paloaltonetworks Bridgecrew Checkov 2.0.131 Paloaltonetworks Bridgecrew Checkov 2.0.132 Paloaltonetworks Bridgecrew Checkov 2.0.133 Paloaltonetworks Bridgecrew Checkov 2.0.134 Paloaltonetworks Bridgecrew Checkov 2.0.135 Paloaltonetworks Bridgecrew Checkov 2.0.136 Paloaltonetworks Bridgecrew Checkov 2.0.137 Paloaltonetworks Bridgecrew Checkov 2.0.138	139

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://security.paloaltonetworks.com/CVE-2021-3040