CVE-2020-16942

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description: An information disclosure issue exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. This could allow an attacker to view the folder path of scripts loaded on the page. To exploit this issue, an attacker would require access to the specific SharePoint page affected. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: For Microsoft SharePoint Server, update the software to correct how scripts are referenced on some SharePoint pages. For Microsoft SharePoint Foundation, update the software to correct how scripts are referenced on some SharePoint pages. For Microsoft SharePoint Enterprise Server, update the software to correct how scripts are referenced on some SharePoint pages. As a temporary workaround, consider restricting access to the affected SharePoint pages until a patch is available.