CVE-2024-38206 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-38206 PUBLISHED CVSS 8.5 HIGH

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

EPSS 2.34% · 84.7th percentile

Risk Scores

CVSS v3.1

8.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

EPSS Score

2.34%

84.7th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Copilot Studio	N/A
microsoft	copilot_studio	N/A

Timeline

Aug 6, 2024 CVE Published
Aug 13, 2024 EPSS Score
Aug 13, 2024 PoC Published
Sep 2, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 13, 2024 EPSS Score
Nov 2, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 3, 2025 EPSS Score
Jan 23, 2025 EPSS Score
Mar 5, 2025 EPSS Score
Mar 17, 2025 EPSS Score

References

Microsoft Copilot Studio Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-38206 advisory

Open in Interactive Console →