VDB

GCVE-110-CLOUD-2022-0001

GCVE-110-CLOUD-2022-0001
Advisory Published
Vulnetix · Advisory published December 22, 2022
Azure Cognitive Search (ACS) is a full-text search engine service. A new non-default feature allowed for a network control to bypassed, permitting an attacker to submit search queries to any other tenant's network-isolated ACS instance. However, abusing this required a valid API key to access the data plane of the target, along with a number of pieces of information about the target environment (such as the subscription ID and the name of the index to query).

Affected Products

VendorProductVersionsPlatforms
AzureCognitive Search
AzureCloud Services

References

ACSESSED
advisory
advisory

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›