
A critical vulnerability has been discovered in Microsoft's Copilot Studio, posing significant risks to sensitive internal data.

This vulnerability is tracked as CVE-2024-38206 and has a CVSS score of 8.5, indicating its critical severity level.


This manipulation can lead to unauthorized access to internal resources that are typically protected.

The IMDS is a common target for SSRF attacks in cloud environments because it can yield information such as managed identity access tokens.

These tokens can then be used to gain further access to shared resources within the environment, including databases.
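A service that fetches user-supplied URLs can reduce this exposure by validating the resolved destination address before connecting. The sketch below is an added example, not code from Microsoft or the researchers; the function names are hypothetical, and 169.254.169.254 is the well-known IMDS address, which the article itself does not state.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Well-known link-local address of the cloud instance metadata service
# (assumption added for this example; not given in the article).
IMDS_ADDR = ipaddress.ip_address("169.254.169.254")

def resolve(host):
    """Default resolver: every address the host name maps to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def forbidden_reason(addr):
    """Return why an address is off-limits for outbound fetches, or None."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 scope id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d as the IPv4 address it is
    if ip == IMDS_ADDR:
        return "instance metadata service"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private network"
    return None

def check_destination(url, resolver=resolve):
    """Decide on the resolved addresses, never on the host name string."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return (False, "unsupported URL")
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        return (False, "resolution failed")
    if not addrs:
        return (False, "resolution failed")
    for addr in addrs:
        reason = forbidden_reason(addr)
        if reason:
            # One internal address among the answers is enough to refuse.
            return (False, f"{addr}: {reason}")
    return (True, "ok")
```

The check has to run again for every redirect target, and the connection should go to the address that was validated rather than resolving the name a second time.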

This discovery is not an isolated incident.

In this case, we were able to retrieve managed identity access tokens from the IMDS.
