Lucene search
Nitesh Surana (@_niteshsurana) of Project Nebula, Trend Micro ResearchZDI-23-161HistoryFeb 24, 2023 - 12:00 a.m.
Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
2023-02-2400:00:00
Nitesh Surana (@_niteshsurana) of Project Nebula, Trend Micro Research
www.zerodayinitiative.com
11
azure
machine learning
information disclosure
0.011 Low
EPSS
Percentile
84.1%
This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of credentials within Azure Machine Learning Service workbooks. The issue results from storing sensitive information in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Related
cve
cve
CVE-2023-23382
2023-02-14 20:15:17
prion
prion
Information disclosure
2023-02-14 20:15:00
nvd
nvd
CVE-2023-23382
2023-02-14 20:15:17
cvelist
cvelist
mscve
mscve
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
2023-02-14 08:00:00
kaspersky
kaspersky
KLA20234 Multiple vulnerabilities in Microsoft Azure
2023-02-14 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2023
2023-02-15 00:41:59