CVE-2013-1290

Description

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a lists location, aka "Incorrect Access Rights Information Disclosure Vulnerability."