Cybersecurity researchers have revealed details of a vulnerability affecting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow a threat actor to harvest a user's credentials and stage follow-on attacks.
This could manifest as post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, the researchers said.
“This vulnerability can be used via Power Automate, Power Apps, Copilot Studio and Copilot 365, which greatly expands the scale of potential damage,” said senior security researcher Dmitry Lazava.
“This increases the likelihood of a successful attack, allowing hackers to focus on several interconnected services in the Power Platform ecosystem.”
Following responsible disclosure in September 2024, Microsoft addressed the security hole, rated “Important” in severity, as of December 13.
Microsoft Power Platform is a collection of low-code development tools that allow users to build analytics, process automation, and data-driven applications.
At its core, the vulnerability is an instance of server-side request forgery (SSRF) stemming from the use of the “custom value” functionality in the SharePoint connector, which allows an attacker to insert their own URLs as part of a flow.
However, for the attack to be successful, the attacker will need to have the Environment Maker role and the Basic User role on the Power Platform. This also means that they will need to first gain access to the target organization by other means and acquire these roles.
“With the Environment Maker role, they can create and share malicious resources such as applications and flows,” Zenity told The Hacker News. “The Basic User role allows them to launch applications and interact with the resources they possess on the Power Platform. If the attacker does not have these roles yet, they would need to get them first.”
In a hypothetical attack scenario, a threat actor could create a flow for a SharePoint action and share it with a low-privileged user (read: the victim), which would leak the victim's SharePoint JWT access token.
Armed with this captured token, the attacker could send requests on the Power Platform on behalf of the user who provided access.
That’s not all. The vulnerability can be extended further to other services such as Power Apps and Copilot Studio by creating a seemingly benign Canvas app or Copilot agent to harvest the user's token and expand access.
“You can take it even further by embedding it, for example, into a Teams channel,” Zenity said. “Once the users interact with the Teams app, you can harvest their tokens just as easily, expanding its reach throughout the organization and making the attack even wider.”
“The main conclusion is that the interconnected nature of the Power Platform services can lead to serious security risks, especially given the widespread use of the SharePoint connector, which houses a lot of sensitive corporate data, and it may be difficult to ensure proper access rights in different environments.”
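As a defensive follow-up to the “custom value” issue described above, the added example below (not code from Zenity or Microsoft) audits an exported flow definition and flags SharePoint connector actions whose site address is not an allowlisted SharePoint host. The JSON layout (`apiId`, `parameters.dataset`), the allowlist, and all host names are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Assumption: the tenant's legitimate SharePoint hosts (constructed values).
ALLOWED_HOSTS = {"contoso.sharepoint.com", "contoso-my.sharepoint.com"}
SP_API = "/apis/shared_sharepointonline"  # assumed connector id suffix in exported flows

# Constructed sample: simplified flow definition, one nested action with a foreign host.
SAMPLE_FLOW = json.loads("""
{"definition": {"actions": {
  "Get_items": {"type": "OpenApiConnection", "inputs": {
    "host": {"apiId": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline"},
    "parameters": {"dataset": "https://contoso.sharepoint.com/sites/hr"}}},
  "Scope": {"type": "Scope", "actions": {
    "Get_lists": {"type": "OpenApiConnection", "inputs": {
      "host": {"apiId": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline"},
      "parameters": {"dataset": "https://collector.example.net/sites/x"}}}}}
}}}
""")

def site_is_allowed(value):
    """True only for an https URL whose host exactly matches an allowlisted host."""
    if not isinstance(value, str):
        return False
    url = urlparse(value.strip())
    return url.scheme == "https" and (url.hostname or "").lower() in ALLOWED_HOSTS

def audit_actions(actions, path=""):
    """Walk actions, including nested containers, and return (path, site) findings."""
    findings = []
    for name, action in actions.items():
        here = f"{path}/{name}"
        inputs = action.get("inputs")
        inputs = inputs if isinstance(inputs, dict) else {}
        if inputs.get("host", {}).get("apiId", "").endswith(SP_API):
            site = inputs.get("parameters", {}).get("dataset")
            if not site_is_allowed(site):
                findings.append((here, site))
        # Scope/Foreach nest under "actions"; If also nests under "else".
        findings += audit_actions(action.get("actions", {}), here)
        findings += audit_actions(action.get("else", {}).get("actions", {}), here)
    return findings

def audit_flow(flow):
    return audit_actions(flow.get("definition", {}).get("actions", {}))

if __name__ == "__main__":
    for where, site in audit_flow(SAMPLE_FLOW):
        print(f"review {where}: {site!r} is not an allowlisted SharePoint host")
```

Site addresses supplied as dynamic expressions rather than literal URLs are also flagged, since they cannot be checked against the allowlist statically.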
The development comes as Binary Security detailed three SSRF vulnerabilities in Azure DevOps that could be abused to communicate with the metadata API endpoints, thereby allowing an attacker to obtain information about the machine’s configuration.