Copilot Studio
by Microsoft
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49038 | Cri | 0.61 | 9.3 | 0.01 | Nov 26, 2024 | Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. | ||
| CVE-2024-38206 | Hig | 0.56 | 8.5 | 0.12 | Aug 6, 2024 | An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. | ||
| CVE-2024-43610 | Hig | 0.48 | 7.4 | 0.01 | Oct 9, 2024 | Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector |
- risk 0.61cvss 9.3epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
- risk 0.56cvss 8.5epss 0.12
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
- risk 0.48cvss 7.4epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector