info@thehackernews.com (The Hacker News)
2025-02-03 23:29:00
thehackernews.com
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, Zenity Labs said in a report shared with The Hacker News ahead of publication.
“This vulnerability can be exploited across Power Automate, Power Apps, Copilot Studio, and Copilot 365, which significantly broadens the scope of potential damage,” senior security researcher Dmitry Lozovoy said.
“It increases the likelihood of a successful attack, allowing hackers to target multiple interconnected services within the Power Platform ecosystem.”
Following responsible disclosure in September 2024, Microsoft addressed the security hole, assessed with an “Important” severity assessment, as of December 13.
Microsoft Power Platform is a collection of low-code development tools that allow users to facilitate analytics, process automation, and data-driven productivity applications.
The vulnerability, at its core, is an instance of server-side request forgery (SSRF) stemming from the use of the “custom value” functionality within the SharePoint connector that permits an attacker to insert their own URLs as part of a flow.
However, in order for the attack to be successful, the rogue user will need to have an Environment Maker role and the Basic User role in Power Platform. This also means that they would need to first gain access to a target organization through other means and acquire these roles.
“With the Environment Maker role, they can create and share malicious resources like apps and flows,” Zenity told The Hacker News. “The Basic User role allows them to run apps and interact with resources they own in Power Platform. If the attacker doesn’t already have these roles, they would need to gain them first.”
In a hypothetical attack scenario, a threat actor could create a flow for a SharePoint action and share it with a low-privileged user (read victim), resulting in a leak of their SharePoint JWT access token.
Armed with this captured token, the attacker could send requests outside of the Power Platform on behalf of the user to whom access was granted to.
That’s not all. The vulnerability could be extended further to other services like Power Apps and Copilot Studio by creating a seemingly benign Canvas app or a Copilot agent to harvest a user’s token, and escalate access further.
“You can take this even further by embedding the Canvas app into a Teams channel, for example,” Zenity noted. “Once users interact with the app in Teams, you can harvest their tokens just as easily, expanding your reach across the organization and making the attack even more widespread.”
“The main takeaway is that the interconnected nature of Power Platform services can result in serious security risks, especially given the widespread use of the SharePoint connector, which is where a lot of sensitive corporate data is housed, and it can be complicated to ensure proper access rights are maintained throughout various environments.”
The development comes as Binary Security detailed three SSRF vulnerabilities in Azure DevOps that could have been abused to communicate with the metadata API endpoints, thereby permitting an attacker to glean information about the machine’s configuration.
Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.
Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.
Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!
Help Power Techcratic’s Future – Scan To Support
If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.
As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!
BITCOIN bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge Scan the QR code with your crypto wallet app |
DOGECOIN D64GwvvYQxFXYyan3oQCrmWfidf6T3JpBA Scan the QR code with your crypto wallet app |
ETHEREUM 0xe9BC980DF3d985730dA827996B43E4A62CCBAA7a Scan the QR code with your crypto wallet app |
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.