Azure Machine Learning SSRF

Published Mon, Jun 17th, 2024

Platforms

Summary

Certain API endpoints on ml.azure.com and ai.azure.com used for adding/viewing data connections could be leveraged for server side request forgeries (SSRF). While they do have protections to restrict making requests to internal hosts, it was possible to circumvent those protections using a 301 or 302 redirect response which points to a sensitive host.

Affected Services

Azure Machine Learning

Remediation

None required.

Tracked CVEs

No tracked CVEs

References

https://www.microsoft.com/en-us/msrc/blog/2024/06/mitigating-ssrf-vulnerabilities-impacting-azure-machine-learning https://www.tenable.com/security/research/tra-2024-22

Entry Status

Stub

Disclosure Date

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Tenable, Wiz

More vulnerabilities...

high

GitHub Copilot Chat Vulnerable to Data Exfiltration

GitHub Copilot Chat VS Code Extension was vulnerable to data exfiltration via prompt injection when analyzing untrusted source code. The vulnerability allowed attackers to access previous conversat...

wunderwuzzi, Embrace The RedJun 14, 2024

medium

Issue with Amazon EC2 VM Import Export Service

AWS addressed an issue with the Amazon EC2 VM Import Export Service where importing Windows VMs with custom Sysprep answer files resulted in an unprotected backup copy being created, potentially ex...

Immersive LabsJun 11, 2024

high

Issue with AWS Deployment Framework

CVE-2024-37293 affects the AWS Deployment Framework's bootstrap process, potentially allowing privilege escalation if an actor has permissions to change CodeBuild projects or Lambda functions. The ...

Xidian UniversityJun 11, 2024

View all