MS13-030 Vulnerability in SharePoint Could Allow Information Disclosure
2013-04-09

This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint Server. The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability.
Vulnerabilities addressed in this bulletin:
- Incorrect Access Rights Information Disclosure Vulnerability (CVE-2013-1290)
  - An information disclosure vulnerability exists in the way that SharePoint Server enforces access controls on specific SharePoint Lists.
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
- Max CVSS: 3.5
- EPSS Score: 0.54%
- Published: 2013-04-09
- Updated: 2018-10-12