Researchers revealed a significant vulnerability in Microsoft Power Platform's SharePoint connector that could allow malicious actors to harvest user credentials. The exploit could facilitate unauthorized access to sensitive data through interlinked services such as Power Automate and Power Apps. Microsoft addressed the security hole, which it assessed as 'Important', in December 2024 following responsible disclosure. The exploit relies on server-side request forgery (SSRF) and requires the attacker to already hold specific user roles, which illustrates the layered permissions an attacker must pass through on the platform before the attack can succeed.
This vulnerability can be exploited across Power Automate, Power Apps, Copilot Studio, and Copilot 365, significantly broadening the scope of potential damage.
With the Environment Maker role, an attacker can create and share malicious resources such as apps and flows. The Basic User role allows them to ...