Описание
Azure Promptflow Remote Code Execution Vulnerability
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
FAQ
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?
While an attacker can access some data, that data is not customer’s data, or any highly sensitive/critical information; furthermore an attacker cannot affect the availability of the product.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure promptflow-core | ||
| Azure promptflow-tools |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
Azure PromptFlow remote code execution related to Jinja templates
Уязвимость средства разработки приложений ИИ Azure Promptflow, связанная с недостаточным пространственным разделением, позволяющая нарушителю выполнить произвольный код
EPSS
6.5 Medium
CVSS3