Vulnerabilities > CVE-2024-38206 - Server-Side Request Forgery (SSRF) vulnerability in Microsoft Copilot Studio

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microsoft

CWE-918

NVD

Published: 2024-08-06

Updated: 2024-08-14

Summary

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Copilot Studio -	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38206