GSD-2020-16941

Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
Aliases
Aliases
CVE-2020-16941
To clipboard 

{
  "GSD": {
    "alias": "CVE-2020-16941",
    "description": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \u0027Microsoft SharePoint Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.",
    "id": "GSD-2020-16941"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-16941"
      ],
      "details": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \u0027Microsoft SharePoint Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.",
      "id": "GSD-2020-16941",
      "modified": "2023-12-13T01:21:46.360525Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-16941",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft SharePoint Enterprise Server 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SharePoint Server 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SharePoint Foundation 2010 Service Pack 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SharePoint Foundation 2013 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\u003cp\u003eAn information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.\u003c/p\u003e\n\u003cp\u003eTo take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.\u003c/p\u003e\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
                    "matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "F71184B1-7461-4A05-A5D2-03D9EDDC30D5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "\u003cp\u003eAn information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.\u003c/p\u003e\n\u003cp\u003eTo take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.\u003c/p\u003e\n"
          },
          {
            "lang": "es",
            "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft SharePoint Server divulga inapropiadamente su estructura de carpetas al renderizar p\u00e1ginas web espec\u00edficas, tambi\u00e9n se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\".\u0026#xa0;Este ID de CVE es diferente de CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953"
          }
        ],
        "id": "CVE-2020-16941",
        "lastModified": "2023-12-31T20:15:55.787",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "LOW",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.5,
              "impactScore": 3.6,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-10-16T23:15:15.757",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.