Microsoft’s AI flagship, Copilot Studio, doubtlessly threatened the agency’s inner infrastructure. Particularly, a essential SSRF vulnerability affected the Microsoft Copilot Studio, which might expose delicate inner information to an adversary. The tech large patched the flaw following the bug report.
SSRF Vulnerability Discovered In Microsoft Copilot Studio
In line with a latest publish from Tenable, a severe server-side request forgery (SSRF) vulnerability impacted the safety of Microsoft Copilot Studio.
Particularly, the researchers noticed a peculiar performance permitted by the software—a person might ship HTTP requests as prompts. Tempted by this function, the researchers went forward and examined it towards Occasion Metadata Service (IMDS) and Cosmos DB situations.
Initially, they noticed no success when making direct requests. Nonetheless, with a little bit modification within the immediate, the researchers succeeded in bypassing SSRF safety. In addition to, the researchers might redirect the HttpRequestAction
to their very own server, finally making requests to IMDS after some modifications. These modifications embrace the mandatory presence of the header Metadata: true
and the absence of X-Forwarded-For:
header within the requests.
In the end, the researchers might retrieve the occasion metadata from the Copilot’s response in plaintext. Whereas the initially retrieved info was not delicate, Tenable might additionally retrieve identification entry tokens from IMDS, highlighting the severity of the flaw.
Subsequent, the researchers retrieved the Azure subscriptions related to identification entry tokens in hand, which finally revealed a Cosmos DB occasion. Though Cosmos DB entry was restricted to inner Microsoft IP addresses, it did embrace the researchers’ Copilot, which allowed them to retrieve the goal occasion’s endpoint URL. In the end, they might generate a request that allowed them to realize learn/write entry to the interior Cosmos DB occasion.
This vulnerability, CVE-2024-38206, obtained a essential severity ranking and a CVSS rating of 8.5. Tenable’s publish supplies an in depth technical evaluation of the vulnerability and its exploitation course of.
Microsoft Patched The Vulnerability
Upon discovering the vulnerability, Tenable contacted Microsoft to report the matter. In response, Microsoft acknowledged the bug report, crediting Tenable’s Evan Grant for this discovery. It additionally patched the vulnerability, confirming full mitigation in its advisory.
Furthermore, the tech large additionally confirmed requiring no motion from the customers to obtain the repair.
Tell us your ideas within the feedback.