CVE-2023-46666

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the...

Code injection

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the...

CVE-2023-46666

Summary: CVE-2023-46666 affects Elastic Sharepoint Online Python Connector. The issue arises when using Document Level Security with the SPO “Limited Access” feature: a user granted limited access to a single item could read all content on the SharePoint site through Elasticsearch. Affected compo...

PT-2023-30150 · Elastic · Sharepoint Online Python Connector

Name of the Vulnerable Software and Affected Versions: Elastic Sharepoint Online Python Connector affected versions not specified Description: An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a...