Critical server-side vulnerability in Microsoft Copilot Studio gives illegal access to internal infrastructure

Estimated read time 3 min read



A critical vulnerability has been discovered in Microsoft’s Copilot Studio, posing significant risks to sensitive internal data. This flaw, identified as a server-side request forgery (SSRF), allows unauthorized access to internal infrastructure, potentially impacting multiple tenants.

The flaw identified by Tenable’s Research Team is attributed to improper handling of redirect status codes in user-configurable actions, which allows attackers to manipulate HTTP requests.



Source link

You May Also Like

More From Author

+ There are no comments

Add yours