<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>
<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>
<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>
References
Link | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941 | Patch Vendor Advisory |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941 - Patch, Vendor Advisory |
31 Dec 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | <p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p> <p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p> <p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p> | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.1 |
Information
Published : 2020-10-16 23:15
Updated : 2024-11-21 05:07
NVD link : CVE-2020-16941
Mitre link : CVE-2020-16941
CVE.ORG link : CVE-2020-16941
JSON object : View
Products Affected
microsoft
- sharepoint_server
- sharepoint_enterprise_server
- sharepoint_foundation
CWE