Onedrive Microsoft Onedrive

stack.watch can notify you when security vulnerabilities are reported in Microsoft Onedrive. You can add multiple products that you use with Onedrive to create your own personal software stack watcher.

By the Year

In 2020 there have been 6 vulnerabilities in Microsoft Onedrive with an average score of 7.3 out of ten. Last year Onedrive had 0 security vulnerabilities published. That is, 6 more vulnerabilities have already been reported in 2020 as compared to last year.

Year Vulnerabilities Average Score
2020 6 7.28
2019 0 0.00
2018 2 7.80

It may take a day or so for new Onedrive vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Onedrive Security Vulnerabilities

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links

CVE-2020-16851 7.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853.

CVE-2020-16851 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

insecure temporary file

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links

CVE-2020-16852 7.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853.

CVE-2020-16852 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Improper Privilege Management

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links

CVE-2020-16853 7.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852.

CVE-2020-16853 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

insecure temporary file

An elevation of privilege vulnerability exists in Microsoft OneDrive

CVE-2020-1465 7.8 - High - July 14, 2020

An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft OneDrive Elevation of Privilege Vulnerability'.

CVE-2020-1465 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links

CVE-2020-0935 5.5 - Medium - April 15, 2020

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'.

CVE-2020-0935 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Privilege Management

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. This could

CVE-2020-0654 9.1 - Critical - January 14, 2020

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. This could allow an attacker to bypass the passcode or fingerprint requirements of the App. The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links, aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'.

CVE-2020-0654 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Improper Privilege Management

Untrusted search path vulnerability in Microsoft OneDrive

CVE-2018-0592 7.8 - High - June 26, 2018

Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0592 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

CWE-426

Untrusted search path vulnerability in the installer of Microsoft OneDrive

CVE-2018-0593 7.8 - High - June 26, 2018

Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0593 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

CWE-426