CVE-2023-28312
published 2023-04-11CVE-2023-28312: Azure Machine Learning Information Disclosure Vulnerability
PriorityP427medium6.5CVSS 3.1
AVAACLPRNUINSUCHINAN
EPSS
1.75%
75.1th percentile
Azure Machine Learning Information Disclosure Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_machine_learning | >= 3.0.0 < 3.0.02199.0001 | 3.0.02199.0001 |
| msrc | azure_machine_learning | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cvx9-v8g6-qm46: Azure Machine Learning Information Disclosure Vulnerability
ghsa_unreviewed·2023-04-11
CVE-2023-28312 [MEDIUM] GHSA-cvx9-v8g6-qm46: Azure Machine Learning Information Disclosure Vulnerability
Azure Machine Learning Information Disclosure Vulnerability
Microsoft
Azure Machine Learning Information Disclosure Vulnerability
vendor_msrc·2023-04-11·CVSS 6.5
CVE-2023-28312 [MEDIUM] CWE-284 Azure Machine Learning Information Disclosure Vulnerability
Azure Machine Learning Information Disclosure Vulnerability
FAQ: How do I check my Azure Machine Learning Compute Instance runtime version?
To determine your runtime version, make a GET compute rest API call for your compute instance, then check the response. You can find the runtime version from field *versions.runtime. *
Please view additional details here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get
How do I update my Azure Machine Learning Compute Instance runtime version?
Please reference the guidance provided here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-11
Published