6.5
CVE-2024-23447
- EPSS 0.12%
- Veröffentlicht 07.02.2024 04:15:07
- Zuletzt bearbeitet 21.11.2024 08:57:43
- Quelle bressers@elastic.co
- CVE-Watchlists
- Unerledigt
LoginElastic Network Drive Connector Improper Access Control
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elastic ≫ Network Drive Connector Version < 8.12.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.311 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| bressers@elastic.co | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.