CVE-2023-23382
published 2023-02-14CVE-2023-23382: Azure Machine Learning Compute Instance Information Disclosure Vulnerability
PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
3.12%
86.2th percentile
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_machine_learning | >= 3.0.0 < 3.0.02076.0001 | 3.0.02076.0001 |
| msrc | azure_machine_learning | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
vendor_msrc·2023-02-14·CVSS 6.5
CVE-2023-23382 [MEDIUM] CWE-257 Azure Machine Learning Compute Instance Information Disclosure Vulnerability
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
FAQ: How do I check my Azure Machine Learning Compute Instance runtime version?
To determine your runtime version, make a GET compute rest API call for your compute instance, then check the response. You can find the runtime version from field *versions.runtime. *
Please view additional details here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get
How do I update my Azure Machine Learning Compute Instance runtime version?
Please reference the guidance provided here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update
FAQ: What type of information could be disclosed by this vulnerability?
An attacker that successfully exploited this vulnerability could recover an
GHSA
GHSA-3m58-pgrc-g8hf: Azure Machine Learning Compute Instance Information Disclosure Vulnerability
ghsa_unreviewed·2023-02-14
CVE-2023-23382 [MEDIUM] GHSA-3m58-pgrc-g8hf: Azure Machine Learning Compute Instance Information Disclosure Vulnerability
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-02-14
Published