An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
History

Mon, 12 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:copilot_studio:-:*:*:*:*:*:*:*

Wed, 07 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 06 Aug 2024 21:45:00 +0000

Type Values Removed Values Added
Description An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
Title Microsoft Copilot Studio Information Disclosure Vulnerability
First Time appeared Microsoft
Microsoft copilot Studio
Weaknesses CWE-918
CPEs cpe:2.3:a:microsoft:copilot_studio:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft copilot Studio
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2024-08-06T21:38:19.248Z

Updated: 2024-10-16T01:53:56.425Z

Reserved: 2024-06-11T22:36:08.222Z

Link: CVE-2024-38206

cve-icon Vulnrichment

Updated: 2024-08-07T14:11:52.490Z

cve-icon NVD

Status : Modified

Published: 2024-08-06T22:15:54.430

Modified: 2024-08-14T00:15:08.213

Link: CVE-2024-38206

cve-icon Redhat

No data.