Microsoft Copilot Studio: Assistant Turns Adversary

Researchers from Tenable have recently uncovered a critical vulnerability in the Microsoft Copilot Studio platform that could expose confidential information through a server-side request forgery (SSRF) attack. The flaw could have a significant impact on Microsoft’s internal infrastructure and potentially affect numerous customers simultaneously.

This vulnerability enables SSRF attacks, in which an attacker directs the server's HTTP requests to unexpected or undesirable targets. In the case of Copilot Studio, the flaw gave researchers access to internal Microsoft resources such as the Instance Metadata Service (IMDS) and internal Cosmos DB instances, which could be exploited for further attacks and the disclosure of additional confidential data.

During their investigation, Tenable experts identified Copilot Studio's ability to perform HTTP requests, which poses a potential risk. Further examination revealed that HTTP headers could be manipulated, bypassing security measures and allowing requests to reach protected resources like IMDS.

By employing specific bypass techniques, researchers were able to retrieve instance metadata and access tokens that could be used to gain entry to other internal resources. Notably, they were able to access an internal Cosmos DB instance that is typically only accessible through Microsoft’s internal infrastructure.
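The two paragraphs above describe a server-side HTTP feature that could be steered to IMDS with caller-influenced headers. As an added example (not Microsoft's or Tenable's code), the sketch below shows the kind of egress check such a feature needs: classify every resolved address and drop metadata-service headers. The function names, the header policy list and the sample DNS table are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy: headers that cloud metadata services require and that a
# caller must never be able to set (Azure IMDS needs "Metadata: true").
BLOCKED_HEADERS = {"metadata", "metadata-flavor", "x-aws-ec2-metadata-token"}

# Constructed sample DNS answers so the example runs offline.
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata-alias.example": ["169.254.169.254"],  # name pointing at IMDS
}


def is_internal(addr: str) -> bool:
    """True when the address is not a public unicast destination."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_link_local or ip.is_private or ip.is_loopback
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_outbound(url, headers, resolve=lambda h: SAMPLE_DNS.get(h, [])):
    """Return (allowed, reason, sanitized_headers) for one outbound request."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "unsupported URL", {}
    try:
        # IP literal in the URL: classify it directly.
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        # Hostname: classify every address it resolves to.
        addrs = resolve(parts.hostname)
    if not addrs:
        return False, "unresolvable host", {}
    for addr in addrs:
        if is_internal(addr):
            return False, f"internal destination {addr}", {}
    clean = {k: v for k, v in headers.items()
             if k.lower() not in BLOCKED_HEADERS}
    return True, "ok", clean
```

A check like this only holds if the connection is then made to the address that was validated and the same check is repeated for every hop the client follows.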

While the accessed information may not be sensitive on its own, obtaining access tokens opens up avenues for interacting with other internal resources, significantly raising the level of risk. For instance, researchers could use the tokens to check which other Azure resources were available to them, which yielded master privileges for Cosmos DB, including read and write permissions.

Of particular concern is the fact that the infrastructure used by Copilot Studio is shared among multiple customers, amplifying the potential risk for all platform users. Consequently, an attack on one customer could jeopardize the security of the entire infrastructure and other users.

Microsoft responded promptly to the vulnerability report, assigning it the identifier CVE-2024-38206 (CVSS: 8.5) and categorizing it as a critical issue related to information disclosure. The company has initiated efforts to address the problem and mitigate risks for its customers.
