Unauthorized Access Elevates Privilege Over Network
CVE-2024-49038

9.3CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Copilot Studio
Vendor: CVE Published:; 26 November 2024

Summary

A vulnerability exists in Copilot Studio due to improper neutralization of input within web page generation functions. This flaw can be exploited by unauthorized attackers to execute arbitrary scripts in the context of a user's session, leading to potential elevation of privilege across the network. Organizations utilizing Copilot Studio are advised to review security measures, apply necessary updates, and monitor for unauthorized access to safeguard against this threat. For further details, refer to the vendor advisory.

Affected Version(s)

Microsoft Copilot Studio Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 26, 2024