Critical server-side vulnerability in Microsoft Copilot Studio allows illegal access to internal infrastructure
A critical vulnerability has been discovered in Microsoft’s Copilot Studio that poses significant risks to sensitive internal data. The flaw, identified as a server-side request forgery (SSRF), allows unauthorized access to internal infrastructure, potentially impacting multiple tenants.
The vulnerability discovered by Tenable’s research team is attributed to improper handling of redirect status codes in user-configurable actions, allowing attackers to manipulate HTTP requests.
This vulnerability is tracked as CVE-2024-38206 and has a CVSS score of 8.5, which indicates a critical severity level. Microsoft has confirmed that this issue has been addressed as of July 31, 2024, and users do not need to take any further action.
Server-Side Request Forgery (SSRF) may have broader implications
The SSRF vulnerability identified in Copilot Studio stems from the manipulation of an application to make server-side HTTP requests to unintended targets or locations. This manipulation could lead to unauthorized access to internal resources that are normally protected. In essence, an attacker could exploit this flaw to make requests to sensitive internal resources on behalf of the application, potentially exposing sensitive data.
In the case of Copilot Studio, the SSRF vulnerability could have been exploited to gain access to Microsoft’s Instance Metadata Service (IMDS). The IMDS is a common target for SSRF attacks in cloud environments because it can yield information such as managed identity access tokens. These tokens can then be used to gain further access to shared resources within the environment, including databases.
For example, if you gain access to a Cosmos DB where sensitive data is stored, you could compromise the integrity and confidentiality of the data. This could lead to broader security breaches and potential data leaks that affect multiple customers.
This discovery is not an isolated incident. It follows Tenable’s previous findings of vulnerabilities across several Microsoft services, including the Azure Health Bot service, Azure Service Tags, and multiple vulnerabilities within the Azure API Management service. The pattern highlights a concerning trend in the security posture of Microsoft’s cloud offerings, particularly as they rapidly expand in a competitive market.
“In the context of cloud applications, a common target is the Instance Metadata Service (IMDS), which, depending on the cloud platform, can provide useful, potentially sensitive information to an attacker. In this case, we were able to retrieve managed identity access tokens from the IMDS. No information beyond using Copilot Studio was required to exploit this flaw,” explained Jimi Sebree, senior staff research engineer at Tenable.
“As with some of the previous vulnerabilities found by our research team, this vulnerability demonstrates that mistakes can be made when companies rush to be first to market in a new or fast-growing market,” Sebree concluded.