CVE-2023-35625: 
Python vulnerability analysis and mitigation

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability (CVE-2023-35625) was disclosed on December 12, 2023. This vulnerability affects Microsoft Azure Machine Learning Software Development Kit versions up to (excluding) 1.5.0 (NVD, MSRC).

The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates local access is required, high attack complexity, low privileges needed, no user interaction, and potential for high confidentiality impact without affecting integrity or availability. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability could lead to unauthorized disclosure of sensitive information in Azure Machine Learning Compute Instance environments. The impact is primarily focused on confidentiality breaches, with no direct impact on system integrity or availability (MSRC).

Microsoft has addressed this vulnerability in Azure Machine Learning SDK version 1.5.0. Users are advised to upgrade to this version or later to mitigate the risk (NVD).

The vulnerability was part of Microsoft's December 2023 Patch Tuesday release, which addressed a total of 34 security flaws. This particular vulnerability was rated as 'Important' severity by Microsoft (Bleeping Computer).