VDB

CVE-2024-38206

CVE-2024-38206 PUBLISHED CVSS 8.5 HIGH

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

EPSS 2.34% · 85.2th percentile

Risk Scores

CVSS 3.1
8.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
EPSS Score
2.34%
85.2th percentile

Affected Products

VendorProductVersions
MicrosoftMicrosoft Copilot StudioN/A
microsoftcopilot_studioN/A

Timeline

  • Aug 6, 2024 CVE Published
  • Aug 13, 2024 EPSS Score
  • Aug 13, 2024 PoC Published
  • Sep 3, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 14, 2024 EPSS Score
  • Nov 4, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
  • Jan 28, 2025 EPSS Score
  • Mar 10, 2025 EPSS Score
  • Mar 17, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›