CVE-2024-38206: Critical Copilot Flaw Exposes Microsoft’s Secrets
Researchers at Tenable have discovered a critical vulnerability in the Microsoft Copilot Studio platform, which allows an attacker to gain access to confidential information through an SSRF attack. The flaw could affect Microsoft’s internal infrastructure and potentially impact multiple clients simultaneously.
The vulnerability enables SSRF attacks, directing server-side HTTP requests to unexpected or unauthorized targets. In the case of Copilot Studio, this allowed researchers to access internal Microsoft resources such as the Instance Metadata Service (IMDS) and internal instances of the Cosmos DB database. Such data could be leveraged for further attacks and the exposure of additional confidential information.
During their investigation, Tenable specialists noted the ability of Copilot Studio to execute HTTP requests, which in itself poses a potential risk. A deeper examination of the function revealed the possibility of manipulating HTTP headers, enabling the bypassing of security mechanisms and directing requests to protected resources like IMDS.
By employing specific evasion techniques, the researchers were able to obtain instance metadata and access tokens, which could be used to access other internal resources. Notably, the specialists managed to identify and access an internal instance of Cosmos DB, which under normal circumstances is only accessible from within Microsoft’s internal infrastructure.
While the information obtained may not be sensitive on its own, access to managed identification tokens opens the door to interactions with other internal resources, significantly increasing the risk. For example, by acquiring an access token, the researchers were able to check the availability of other Azure resources associated with the identification, allowing them to obtain master keys for Cosmos DB, which grants read and write permissions.
The most concerning finding was that the infrastructure used in Copilot Studio is shared among multiple clients, which heightens the potential risk for all users of the platform. This means that an attack on one client could compromise the security of the entire infrastructure and other users.
Microsoft responded swiftly to the vulnerability report, assigning it the identifier CVE-2024-38206 (CVSS score: 8.5) and classifying it as a critical information disclosure issue. The company has begun work on addressing the problem to minimize risks for its clients.
