Chronosphere Chronocollector
Monthly
Unauthenticated information disclosure in Palo Alto Networks' Chronosphere Chronocollector exposes sensitive data to any attacker with adjacent network access to the collector service endpoint. All versions from 0.0.0 up to v0.116.0 are affected, with the fix released in v0.116.0. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog, but the CVSS 4.0 Value Density modifier of 'Concentrated' (V:C) suggests the data at risk may include high-value material such as credentials or configuration secrets.
Unauthenticated information disclosure in Palo Alto Networks' Chronosphere Chronocollector exposes sensitive data to any attacker with adjacent network access to the collector service endpoint. All versions from 0.0.0 up to v0.116.0 are affected, with the fix released in v0.116.0. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog, but the CVSS 4.0 Value Density modifier of 'Concentrated' (V:C) suggests the data at risk may include high-value material such as credentials or configuration secrets.