6.5
CVE-2023-46666
- EPSS 0.09%
- Veröffentlicht 26.10.2023 17:15:09
- Zuletzt bearbeitet 21.11.2024 08:29:01
- Quelle bressers@elastic.co
- CVE-Watchlists
- Unerledigt
LoginElastic Sharepoint Online Python Connector Improper Access Control
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elastic ≫ Elastic Sharepoint Online Python Connector Version < 8.10.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.259 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| bressers@elastic.co | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.