TLDR;<p>ZDI-CAN-22101 – CreateAttachmentFromURI Server-Side Request Forgery<p>To sum up, the following attack scenario is possible:<p>• The attacker authenticates to OWA.<p>• The attacker creates a new draft message.<p>• The attacker invokes CreateAttachmentFromUri, triggering the SSRF.<p>• The response of the SSRF gets added to the mail message as an attachment.<p>• The attacker downloads the attachment and retrieves the response content.