CVE-2020-0933

Name of the Vulnerable Software and Affected Versions SharePoint Server (affected versions not specified) SharePoint Foundation (affected versions not specified) SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to the failure to protect the web page structure, which could allow a remote attacker to perform cross-site scripting attacks using a specially crafted request. An information disclosure vulnerability exists, enabling an attacker to read arbitrary files on the server by sending a specially crafted request to a susceptible SharePoint Server instance.

Recommendations For SharePoint Server, consider restricting access to sensitive files and directories until a fix is available. For SharePoint Foundation, restrict access to vulnerable API endpoints, such as /api/v1/files, to minimize the risk of exploitation. For SharePoint Enterprise Server, as a temporary workaround, consider disabling the fileReader function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.