Описание
Azure AI Search Information Disclosure Vulnerability
FAQ
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could obtain sensitive API Keys.
What actions do customers need to take to protect themselves from this vulnerability?
The vulnerability has been mitigated by a recent update to Azure AI Search's backend infrastructure. Customers who are required to rotate specific credentials have been notified through Azure Service Health Alerts under TrackingID: WL1G-3TZ. See here for information on how to view Azure Service Health Alerts in the Azure Portal.
Customers who did not receive this Azure Service Health Alert do not need to take any action to be protected against this vulnerability.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
Azure AI Search Information Disclosure Vulnerability
Уязвимость поисковой системы на базе искусственного интеллекта Azure AI Search, связанная с использованием предустановленных учетных данных, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
7.3 High
CVSS3