CVE-2018-8580

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified)

Description An information disclosure issue exists due to certain modes of the search function in Microsoft SharePoint Server being vulnerable to cross-site search attacks, a variant of cross-site request forgery (CSRF). When users are logged in to Microsoft SharePoint Server and visit a malicious web page, an attacker can induce the browser to invoke search queries as the logged-in user. Although the attacker cannot access search results or documents directly, they can determine if a query returned results, allowing them to discover facts about searchable documents for the logged-in user by issuing targeted queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.