Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, Zenity Labs said in a report shared with The Hacker News ahead of publication. "This vulnerability can be exploited across Power Automate, Power Apps, Copilot Studio, and Copilot 365, which significantly broadens the scope of potential damage," senior security researcher Dmitry Lozovoy said. "It increases the likelihood of a successful attack, allowing hackers to target multiple interconnected services within the Power Platform ecosystem." Following responsible disclosure in September 2024, Microsoft addressed the security hole, assessed with an "Important" severity assessment, as of December 13. Microsoft Power Platform is a collection of low-code development tools that allow users to facilitate analytics, process automation, and data-driven productivity applications. The vulnerability, at its core, is an instance of server-side request forgery (SSRF) stemming from the use of the "custom value" functionality within the SharePoint connector that permits an attacker to insert their own URLs as part of a flow….Read More
References
Back to Main