We use cookies to improve your experience on our site.
AVID-2026-R1181
Description
Azure Machine Learning Compute Instance Information Disclosure Vulnerability (CVE-2023-23382)
Details
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
Reason for inclusion in AVID: CVE-2023-23382 describes an information disclosure vulnerability in Azure Machine Learning Compute Instance, a component used to run AI workloads. This is a software vulnerability affecting an AI platform used in ML pipelines, thus relevant to the AI supply chain (GP AI systems). The vulnerability impacts confidentiality (information disclosure) and is documented with CVSS 3.1 and CWE-257; references from NVD and Microsoft provide evidence. Therefore it should be kept for AVID curation.
References
Affected or Relevant Artifacts
- Developer: Microsoft
- Deployer: Microsoft
- Artifact Details:
| Type | Name |
|---|---|
| System | Azure Machine Learning |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
| Base Score | 6.5 |
| Base Severity | 🟠 Medium |
CWE
| ID | Description |
|---|---|
| CWE-257 | CWE-257: Storing Passwords in a Recoverable Format |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-02-14
- Version: 0.3.3
- AVID Entry