A critical vulnerability has been discovered in Microsoft’s Copilot Studio that poses significant risks to sensitive internal data. This flaw, identified as a Server-Side Request Forgery (SSRF), allows unauthorized access to internal infrastructure, potentially impacting multiple tenants.
The flaw identified by Tenable's research team is attributed to improper handling of redirect status codes in user-configurable actions, allowing attackers to manipulate HTTP requests.
This vulnerability is known as CVE-2024-38206 and has a CVSS score of 8.5, indicating a critical severity level. Microsoft has confirmed that this issue has been resolved as of July 31, 2024, and that users do not need to take any further action.
Server-side request forgery (SSRF) could have broader implications
The SSRF vulnerability identified in Copilot Studio stems from an application being manipulated to make server-side HTTP requests to unintended destinations or locations. This manipulation can lead to unauthorized access to internal resources that are normally protected. Essentially, an attacker could exploit this flaw to make requests on behalf of the application to sensitive internal resources, potentially revealing sensitive data.
In the case of Copilot Studio, the SSRF vulnerability could have been exploited to access Microsoft’s Instance Metadata Service (IMDS). The IMDS is a common target of SSRF attacks in cloud environments because it can provide information such as access tokens to managed identities. These tokens can then be used to gain further access to shared resources within the environment, including databases.
For example, gaining access to a Cosmos database where sensitive data is stored could compromise the integrity and confidentiality of the data, leading to broader security breaches and potential data leaks affecting multiple customers.
This discovery is not an isolated incident. It follows Tenable’s previous findings of vulnerabilities in several Microsoft services, including the Azure Health Bot service, Azure Service Tags, and multiple vulnerabilities within the Azure API Management service. The pattern indicates a worrying trend in the security posture of Microsoft’s cloud offerings, particularly as they rapidly expand in a competitive market.
“In the context of cloud applications, a common target is the Instance Metadata Service (IMDS), which, depending on the cloud platform, can provide useful and potentially sensitive information to an attacker. In this case, we were able to retrieve access tokens to managed identities from the IMDS. No information beyond the use of Copilot Studio was required to exploit this flaw,” explains Jimi Sebree, Senior Research Engineer at Tenable.
“Similar to some of the previous vulnerabilities found by our research team, this vulnerability demonstrates that mistakes can be made when companies rush to be the first to launch products in a new or rapidly expanding space,” Sebree concluded.