// For flags

CVE-2023-29357

Microsoft SharePoint Server Privilege Escalation Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

Microsoft SharePoint Server Elevation of Privilege Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ValidateTokenIssuer method. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system.

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

*Credits: Nguyễn Tiến Giang (@testanull) of STAR Labs SG Pte. Ltd.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-04-04 CVE Reserved
  • 2023-06-13 CVE Published
  • 2023-09-26 First Exploit
  • 2024-01-10 Exploited in Wild
  • 2024-01-31 KEV Due Date
  • 2024-08-02 CVE Updated
  • 2024-10-27 EPSS Updated
CWE
  • CWE-303: Incorrect Implementation of Authentication Algorithm
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Sharepoint Server
Search vendor "Microsoft" for product "Sharepoint Server"
2019
Search vendor "Microsoft" for product "Sharepoint Server" and version "2019"
-
Affected