VDB

GCVE-110-CLOUD-2024-0029

GCVE-110-CLOUD-2024-0029
Advisory Published
Vulnetix · Advisory published June 17, 2024
Certain API endpoints on ml.azure.com and ai.azure.com used for adding/viewing data connections could be leveraged for server side request forgeries (SSRF). While they do have protections to restrict making requests to internal hosts, it was possible to circumvent those protections using a 301 or 302 redirect response which points to a sensitive host.

Affected Products

VendorProductVersionsPlatforms
AzureAzure Machine Learning
AzureMachine Learning
AzureCloud Services

References

advisory
advisory
advisory

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›