⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-8580

Severity: 4.3 MEDIUM
EPSS: 11.0% (top 6.58%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Dec 12; latest update May 13

Description

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: microsoft/sharepoint_server (2010, 2013, 2016, +2)
CVEListV5: microsoft/microsoft_sharepoint (Enterprise Server 2013 Service Pack 1, Enterprise Server 2016, Foundation 2010 Service Pack 2, +2)

🔴 Vulnerability Details (3)

GHSA: GHSA-phxm-v2jv-4gg8: An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site (2022-05-13)
CVEList: CVE-2018-8580: An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site (2018-12-12)
VulnCheck: Microsoft SharePoint Exposure of Sensitive Information to an Unauthorized Actor (2018)

📋 Vendor Advisories (1)

Microsoft: Microsoft SharePoint Information Disclosure Vulnerability (2018-12-11)