- Security researchers uncover a bug in Microsoft’s SharePoint connector on Power Platform
- A server-side request forgery flaw could have allowed threat actors to steal people’s login credentials
- It has been patched, but users should still update as soon as possible
Experts have warned Microsoft’s SharePoint connector on Power Platform was vulnerable to a server-side request forgery (SSRF) flaw which could have allowed threat actors to steal people’s login credentials.
Cybersecurity researchers from Zenity Labs recently detailed their findings in an in-depth technical analysis, explaining how, in essence, threat actors could use the “custom value” feature in a SharePoint connector, which would allow them to add a custom URL in a flow. To do that, they would first need to have access to an Environment Maker role, and the Basic User role, within Power Platform.
In the blog, Zenity explained why access to the Environment Maker role is essential for the attack to work: “The Environment Maker role allows you to create apps, flows, and connections, and share them with others in your organization,” the article reads. “The Basic User role lets you run apps and interact with data you own (e.g., Account, Contact).”
Creating a flow
An attacker could create a flow for a SharePoint action, and share it with the victim, which would end up leaking their SharePoint JWT access token. The crooks could then use this token to impersonate the victim and send requests outside the Power Platform.
Zenity added that the vulnerability could be abused in Power Apps, or Copilot Studio.
“You can take this even further by embedding the Canvas app into a Teams channel, for example,” Zenity noted. “Once users interact with the app in Teams, you can harvest their tokens just as easily, expanding your reach across the organization and making the attack even more widespread.”
Microsoft was notified about the vulnerability in September 2024, and patched it in mid-December last year.
Microsoft SharePoint is an online collaboration and document management platform that enables organizations to store, share, and manage content, workflows, and applications securely.
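For defenders reviewing flows that use the “custom value” URL described above, one possible audit is sketched below. It is an added example, not code from Zenity or Microsoft, and walks an exported flow definition to list SharePoint actions whose site address is not a known tenant host. The definition layout (`apiId`, `dataset`), the allowlisted hosts and the sample flow are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions (not from the article): connector id suffix, the "dataset" site
# parameter of exported flow definitions, and these constructed tenant hosts.
SHAREPOINT_API = "shared_sharepointonline"
ALLOWED_HOSTS = {"contoso.sharepoint.com", "contoso-my.sharepoint.com"}

def host_of(url):
    """Host an HTTPS request to `url` would reach, or None if not a plain https URL."""
    try:
        parts = urlsplit(str(url).strip())
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()

def walk(node, path=""):
    """Yield (path, action) for every action, including ones nested in scopes and branches."""
    for name, action in node.get("actions", {}).items():
        yield f"{path}/{name}", action
        yield from walk(action, f"{path}/{name}")
    if isinstance(node.get("else"), dict):
        yield from walk(node["else"], f"{path}/else")

def off_tenant_sites(definition):
    """SharePoint actions whose site address is not a known tenant host."""
    findings = []
    for path, action in walk(definition):
        inputs = action.get("inputs") if isinstance(action.get("inputs"), dict) else {}
        if not inputs.get("host", {}).get("apiId", "").endswith(SHAREPOINT_API):
            continue
        site = inputs.get("parameters", {}).get("dataset", "")
        if host_of(site) not in ALLOWED_HOSTS:  # also flags runtime expressions
            findings.append((path, site))
    return findings

def sp(site):  # constructed SharePoint action for the sample
    return {"inputs": {"host": {"apiId": "/providers/Microsoft.PowerApps/apis/" + SHAREPOINT_API},
                       "parameters": {"dataset": site, "table": "Tasks"}}}

SAMPLE = {"actions": {  # constructed flow definition
    "Get_items": sp("https://contoso.sharepoint.com/sites/hr"),
    "Compose": {"inputs": "hello"},
    "Scope": {"actions": {"Get_lists": sp("https://contoso.sharepoint.com@collector.example/x")}},
}}

if __name__ == "__main__":
    print(off_tenant_sites(SAMPLE))
```

The check compares the parsed hostname rather than the URL string, so look-alike addresses that merely begin with a tenant name are still reported.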