← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-29357 — Actively Exploited: SharePoint Server (Microsoft)

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

CVE IDCVE-2023-29357
VendorMicrosoft
ProductSharePoint Server
Vulnerability nameMicrosoft SharePoint Server Privilege Escalation Vulnerability
Date added2024-01-10
Remediation due2024-01-31
Known ransomware useKnown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionMicrosoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →