Description
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5830 Vulnerability (CVE-2013-5830)
Dolibarr Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-1010054)
Kong Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
WordPress Plugin WooCommerce Social Login PHP Object Injection (2.6.2)
WordPress Plugin Infographic Maker-iList Unspecified Vulnerability (2.7.0)