What actions do customers need to take to protect themselves from this vulnerability? Only customers using Linux/Ubuntu Data Science Virtual Machines (DSVM) with versions prior to 24.05.24 may be affected. For guidance on how to update your resources, reference the following: Upgrade your Data Science Virtual Machine to Ubuntu 20.04. Customers who deploy DSVMs using CLI or scripts may also need to update the DSVM version specified in their deployment parameters. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted request to the target machine to gain access to credentials of authorized users. This could enable an attacker to impersonate the user and perform any operations the compromised user is permitted to perform. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>