Copilot Studio Information Disclosure Vulnerability
CVE-2024-43610

7.4HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Copilot Studio
Vendor: CVE Published:; 9 October 2024

What is CVE-2024-43610?

The vulnerability in Microsoft Copilot Studio enables an unauthorized attacker to exploit a network attack vector to gain access to sensitive information. This exposure occurs due to insufficient safeguards in the application, allowing unauthenticated users to retrieve confidential data that should remain protected. The issue underscores the importance of implementing robust security measures to prevent unauthorized information disclosure and protect user privacy.

Affected Version(s)

Microsoft Copilot Studio Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2024