Описание
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
FAQ
How do I check my Azure Machine Learning Compute Instance runtime version?
To determine your runtime version, make a GET compute rest API call for your compute instance, then check the response. You can find the runtime version from field *versions.runtime. *
Please view additional details here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get
How do I update my Azure Machine Learning Compute Instance runtime version?
Please reference the guidance provided here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update
What type of information could be disclosed by this vulnerability?
An attacker that successfully exploited this vulnerability could recover any data that is put in the system logs on the Compute Instance including cleartext passwords.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An attacker must be authenticated and have read privileges to the logs which may contain sensitive information such as cleartext passwords. It does not require admin or other elevated privileges.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
Уязвимость программного средства для работы с алгоритмами машинного обучения Azure Machine Learning, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3