Description

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."

Remediation

References

CVE-2013-1290

Related Vulnerabilities

MySQL CVE-2020-14576 Vulnerability (CVE-2020-14576)

WordPress Plugin BackWPup Cross-Site Scripting (3.2.3)

WordPress Plugin Social Sharing-Kiwi Security Bypass (2.1.0)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.17)

MySQL CVE-2016-0644 Vulnerability (CVE-2016-0644)

Severity

Low

Classification

CVE-2013-1290 CWE-264

Tags

Missing Update Known Vulnerabilities