CVE-2023-28288: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Spoofing Vulnerability (CVE-2023-28288) was disclosed in April 2023. The vulnerability affects multiple versions of SharePoint Server including SharePoint Foundation 2013 SP1, SharePoint Server Subscription Edition, SharePoint Server 2013 SP1 Enterprise, SharePoint Server 2016 Enterprise, and SharePoint Server 2019 (NVD).

The vulnerability exists within the WSSXmlUrlResolver class and stems from improper validation of a URI prior to accessing resources. It has been classified as a Server-Side Request Forgery (SSRF) vulnerability (CWE-918). The vulnerability has a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility, low attack complexity, and requiring low privileges (ZDI, NVD).

The vulnerability allows remote authenticated attackers to disclose sensitive information on affected installations of Microsoft SharePoint. An attacker can leverage this vulnerability to disclose information in the context of IUSR (ZDI).

Microsoft has released a security update to address this vulnerability. The fix is included in build 16.0.16130.20314 of the security update package. Users are advised to apply the security update KB5002375 to affected SharePoint Server installations (Microsoft Support).