Security researchers recently identified a critical bug in Microsoft’s SharePoint connector on Power Platform that posed a serious threat to user data. The flaw, a server-side request forgery (SSRF), could have been exploited by malicious actors to steal login credentials. Researchers from Zenity Labs described how threat actors could use the “custom value” feature in the SharePoint connector to insert a malicious URL into a flow and thereby gain access to sensitive information. To carry out this attack, an attacker would need specific roles within the Power Platform system. Microsoft was promptly informed about the vulnerability in September 2024 and released a patch in December of the same year to address the issue and enhance user security. The incident is a reminder for all users to keep their systems up to date with the latest patches and to have security measures in place.