Описание
Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
FAQ
What actions does a valid user have to take to be protected against this vulnerability?
Update the image to the latest tag. User data and setting will not be affected by upgrading to the latest tag.
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by bypassing authentication/authorization to access files located one directory above the intended file upload path.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could potentially download the content of parent folder of the mounted path.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure AI Document Intelligence Studio |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
Уязвимость облачной службы ИИ Azure AI Document Intelligence, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю повысить свои привилегии
EPSS
9.8 Critical
CVSS3