Azure Open Ai
Monthly
Privilege elevation in Microsoft's Azure OpenAI service allows an authorized (low-privileged) attacker to abuse a server-side request forgery flaw (CWE-918) to force the service backend to issue attacker-controlled network requests, resulting in high confidentiality, integrity, and availability impact. The flaw carries CVSS 8.8 and requires only low privileges over the network with no user interaction, but currently shows no public exploit identified at time of analysis and a modest EPSS of 0.62%. Because Azure OpenAI is a Microsoft-hosted cloud service, remediation is delivered server-side by the vendor rather than requiring customer patching.
Privilege elevation in Microsoft's Azure OpenAI service allows an authorized (low-privileged) attacker to abuse a server-side request forgery flaw (CWE-918) to force the service backend to issue attacker-controlled network requests, resulting in high confidentiality, integrity, and availability impact. The flaw carries CVSS 8.8 and requires only low privileges over the network with no user interaction, but currently shows no public exploit identified at time of analysis and a modest EPSS of 0.62%. Because Azure OpenAI is a Microsoft-hosted cloud service, remediation is delivered server-side by the vendor rather than requiring customer patching.