CVE-2023-29357
Microsoft SharePoint Server Privilege Escalation Vulnerability
- Public Exploits: 5
- Exploited in Wild: Yes
Descriptions
Microsoft SharePoint Server Elevation of Privilege Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ValidateTokenIssuer method. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system.
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
Timeline
- 2023-04-04 CVE Reserved
- 2023-06-13 CVE Published
- 2023-09-26 First Exploit
- 2024-01-10 Exploited in Wild
- 2024-01-31 KEV Due Date
- 2024-08-02 CVE Updated
- 2024-11-23 EPSS Updated
CWE
- CWE-303: Incorrect Implementation of Authentication Algorithm
References (6)
URL | Date | SRC |
---|---|---|
https://github.com/Chocapikk/CVE-2023-29357 | 2023-09-26 | |
https://github.com/LuemmelSec/CVE-2023-29357 | 2023-10-01 | |
https://github.com/KeyStrOke95/CVE-2023-29357-ExE | 2023-10-10 | |
https://github.com/Jev1337/CVE-2023-29357-Check | 2024-01-01 | |
https://github.com/AhmedMansour93/Event-ID-189-Rule-Name-SOC227-CVE-2023-29357 | 2024-09-12 | |
URL | Date | SRC |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 | 2024-06-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Sharepoint Server | 2019 | - | Affected |