Microsoft’s AI flagship, Copilot Studio, doubtlessly threatened the agency’s inner infrastructure. Particularly, a vital SSRF vulnerability affected the Microsoft Copilot Studio, which may expose delicate inner knowledge to an adversary. The tech large patched the flaw following the bug report.
SSRF Vulnerability Discovered In Microsoft Copilot Studio
In response to a current post from Tenable, a critical server-side request forgery (SSRF) vulnerability impacted the safety of Microsoft Copilot Studio.
Particularly, the researchers noticed a peculiar performance permitted by the device—a person may ship HTTP requests as prompts. Tempted by this characteristic, the researchers went forward and examined it in opposition to Occasion Metadata Service (IMDS) and Cosmos DB cases.
Initially, they noticed no success when making direct requests. Nevertheless, with slightly modification within the immediate, the researchers succeeded in bypassing SSRF safety. Moreover, the researchers may redirect the HttpRequestAction to their very own server, finally making requests to IMDS after some modifications. These modifications embody the mandatory presence of the header Metadata: true and the absence of X-Forwarded-For: header within the requests.
Finally, the researchers may retrieve the occasion metadata from the Copilot’s response in plaintext. Whereas the initially retrieved info was not delicate, Tenable may additionally retrieve id entry tokens from IMDS, highlighting the severity of the flaw.
Subsequent, the researchers retrieved the Azure subscriptions related to id entry tokens in hand, which finally revealed a Cosmos DB occasion. Though Cosmos DB entry was restricted to inner Microsoft IP addresses, it did embody the researchers’ Copilot, which allowed them to retrieve the goal occasion’s endpoint URL. Finally, they may generate a request that allowed them to realize learn/write entry to the interior Cosmos DB occasion.
This vulnerability, CVE-2024-38206, acquired a vital severity score and a CVSS rating of 8.5. Tenable’s put up supplies an in depth technical evaluation of the vulnerability and its exploitation course of.
Microsoft Patched The Vulnerability
Upon discovering the vulnerability, Tenable contacted Microsoft to report the matter. In response, Microsoft acknowledged the bug report, crediting Tenable’s Evan Grant for this discovery. It additionally patched the vulnerability, confirming full mitigation in its advisory.
Furthermore, the tech large additionally confirmed requiring no motion from the customers to obtain the repair.
Tell us your ideas within the feedback.
