Copilot Studio information disclosure via SSRF

Published Tue, Aug 20th, 2024

Platforms

azure

Summary

Affected Services

Copilot Studio

Tracked CVEs

CVE-2024-38206

References

https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio

Entry Status

Stub

Disclosure Date

-

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Tenable

More vulnerabilities...

high

WireServing Up Credentials in Azure Kubernetes Services

azure

A vulnerability in Azure Kubernetes Services allowed attackers to escalate privileges and access cluster credentials. Affected clusters used Azure CNI for network configuration and Azure for networ...

Nick McClendon, Daniel McNa...
high

AWS Direct Connect route injection issue

aws

A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP, effectively hijacking AWS-sourced traffic. This resulted in connectivity...

Jamie Finnigan

Azue Health privilege escalation via SSRF

azure
Tenable
View all