CVE-2023-28312

FAQ

How do I check my Azure Machine Learning Compute Instance runtime version?

To determine your runtime version, make a GET compute rest API call for your compute instance, then check the response. You can find the runtime version from field *versions.runtime. *

Please view additional details here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get

How do I update my Azure Machine Learning Compute Instance runtime version?

Please reference the guidance provided here: https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?

This vulnerability could allow an attacker to disclose system logs but does not allow the attacker to modify any data or make the service unavailable.

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could access the system logs.