Critical server-side vulnerability in Microsoft Copilot Studio gives illegal access to internal infrastructure

0
8

A critical vulnerability has been discovered in Microsoft’s Copilot Studio, posing significant risks to sensitive internal data. This flaw, identified as a server-side request forgery (SSRF), allows unauthorized access to internal infrastructure, potentially impacting multiple tenants.

The flaw identified by Tenable’s Research Team is attributed to improper handling of redirect status codes in user-configurable actions, which allows attackers to manipulate HTTP requests.

LEAVE A REPLY

Please enter your comment!
Please enter your name here