#VU16450 Cross-site search attacks in Microsoft SharePoint Server - CVE-2018-8580
Published: December 11, 2018
Vulnerability identifier: #VU16450
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-8580
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft SharePoint Server
Software vendor:
Microsoft
Description
The vulnerability allows a remote authenticated attacker to perform cross-site search attacks.
The weakness exists due to insufficient CSRF protections in certain modes of the search function in Microsoft SharePoint Server. A remote attacker can create a specially crafted HTML page or URL and trick the victim into visiting it. The page induces the victim's browser to invoke search queries as the logged-in user and relies on standard browser functionality to determine whether each query returned results. By issuing targeted queries, the attacker can thus discover facts about documents that are searchable for the logged-in user.
Remediation
Install updates from the vendor's website.