Lucene search

[email protected]NVD:CVE-2023-46666

HistoryOct 26, 2023 - 5:15 p.m.

CVE-2023-46666

2023-10-2617:15:09

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-46666

document level security

limited access

sharepoint

elasticsearch

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

An issue was discovered when using Document Level Security and the SPO “Limited Access” functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.

Affected configurations

Nvd

Node

elasticelastic_sharepoint_online_python_connectorRange<8.10.3.0

VendorProductVersionCPE
elasticelastic_sharepoint_online_python_connector*cpe:2.3:a:elastic:elastic_sharepoint_online_python_connector:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elastic	elastic_sharepoint_online_python_connector	*	cpe:2.3:a:elastic:elastic_sharepoint_online_python_connector::::::::

References

discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732

www.elastic.co/community/security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for NVD:CVE-2023-46666

cve1 cvelist1 vulnrichment1 prion1