Описание
Microsoft Teams Information Disclosure Vulnerability
FAQ
What type of information could be disclosed by this vulnerability?
This vulnerability could disclose sensitive information, which might include a user's full trust token.
How could an attacker exploit the vulnerability?
In a network-based attack, an attacker could host a site containing malicious code. When a target accesses that site, it could force open a full trust application and potentially obtain a user's full trust token.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user navigate to a malicious site hosted on *.sharepoint.com.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Microsoft Teams Information Disclosure Vulnerability
Уязвимость корпоративной платформы Microsoft Teams, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю получить несанкционированный доступ к информации
EPSS
6.5 Medium
CVSS3