SRC-2021-0018 : Microsoft SharePoint Server OAuth Authorization Code Leak Elevation of Privilege Vulnerability

CVE ID: CVE-2021-31172

CVSS Score: 7.1 (/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)

Affected Vendors: Microsoft

Affected Products: SharePoint Server

Vulnerability Details: This vulnerability allows remote attackers to elevate privileges. User interaction is required to exploit this vulnerability. The specific flaw exists in the oauthauthorize page. The issue results from a missing X-Frame-Options header when performing an authorization code grant. An attacker can leverage this vulnerability to bypass the consent page and disclose the authorization code of a privileged user to gain elevated access.
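
The missing-header condition described above can be checked from the defender's side. The following is an added example, not code from the advisory or from Microsoft: it classifies the anti-framing protection declared by an HTTP response, and goes beyond the advisory by also evaluating the CSP frame-ancestors directive, which browsers enforce in place of X-Frame-Options when both are present. The function name framing_policy and all sample header values are constructed for illustration.

```python
# Added example (hypothetical helper, constructed inputs): audit one HTTP
# response for the anti-framing headers a consent page should carry.
PERMISSIVE_SOURCES = {"*", "http:", "https:"}  # sources that admit any framer

def framing_policy(headers):
    """headers: iterable of (name, value) pairs. Returns (protected, reason)."""
    xfo, ancestor_lists = set(), []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            xfo |= {v.strip().upper() for v in value.split(",") if v.strip()}
        elif name == "content-security-policy":
            for policy in value.split(","):          # a comma separates policies
                for directive in policy.split(";"):
                    tokens = directive.split()
                    if tokens and tokens[0].lower() == "frame-ancestors":
                        ancestor_lists.append([t.lower() for t in tokens[1:]])
                        break                        # first one in a policy wins
    if ancestor_lists:
        # frame-ancestors takes precedence over X-Frame-Options. Every policy
        # is enforced, so a single restrictive source list is sufficient.
        for sources in ancestor_lists:
            if not PERMISSIVE_SOURCES & set(sources):
                return True, "CSP frame-ancestors " + (" ".join(sources) or "'none'")
        return False, "CSP frame-ancestors allows any origin"
    # Conservative audit rule: only an unambiguous DENY or SAMEORIGIN counts.
    # ALLOW-FROM is obsolete and ignored by current browsers.
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "X-Frame-Options " + xfo.pop()
    if xfo:
        return False, "X-Frame-Options not honoured: " + ", ".join(sorted(xfo))
    return False, "no anti-framing header"

# Constructed sample responses, not captured from any SharePoint server.
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "xfo sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "xfo allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp none": [("Content-Security-Policy",
                  "default-src 'self'; frame-ancestors 'none'")],
    "csp star beside xfo": [("X-Frame-Options", "DENY"),
                            ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        protected, reason = framing_policy(hdrs)
        print(f"{label:22} {'OK' if protected else 'FRAMEABLE':10} {reason}")
```
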

Vendor Response:

Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31172

Disclosure Timeline:

  • 2020-10-29 – Sent to Microsoft

  • 2021-06-08 – Coordinated public release of advisory

Credit: This vulnerability was discovered by Steven Seeley (mr_me) of Qihoo 360 Vulcan Team