An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References
| Link | Resource |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103 | Patch Vendor Advisory |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103 - Patch, Vendor Advisory |
Information
Published : 2020-05-21 23:15
Updated : 2024-11-21 05:09
NVD link : CVE-2020-1103
Mitre link : CVE-2020-1103
CVE.ORG link : CVE-2020-1103
JSON object : View
Products Affected
microsoft
- sharepoint_server
- sharepoint_enterprise_server
- sharepoint_foundation
CWE
CWE-352
Cross-Site Request Forgery (CSRF)