VDB
CVE-2024-38206
CVE-2024-38206
PUBLISHED
CVSS 8.5 HIGH
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
EPSS 2.34% · 85.2th percentile
Risk Scores
CVSS 3.1
8.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
EPSS Score
2.34%
85.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Copilot Studio | N/A |
| microsoft | copilot_studio | N/A |
Timeline
- Aug 6, 2024 CVE Published
- Aug 13, 2024 EPSS Score
- Aug 13, 2024 PoC Published
- Sep 3, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 14, 2024 EPSS Score
- Nov 4, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Jan 7, 2025 EPSS Score
- Jan 28, 2025 EPSS Score
- Mar 10, 2025 EPSS Score
- Mar 17, 2025 EPSS Score