An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732 | Vendor Advisory |
https://www.elastic.co/community/security | Vendor Advisory |
Configurations
History
07 Nov 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Elastic
Elastic elastic Sharepoint Online Python Connector |
|
References | (MISC) https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732 - Vendor Advisory | |
References | (MISC) https://www.elastic.co/community/security - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:elastic:elastic_sharepoint_online_python_connector:*:*:*:*:*:*:*:* |
26 Oct 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-26 17:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-46666
Mitre link : CVE-2023-46666
CVE.ORG link : CVE-2023-46666
JSON object : View
Products Affected
elastic
- elastic_sharepoint_online_python_connector
CWE