Описание
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.10.3.0 (исключая)
cpe:2.3:a:elastic:elastic_sharepoint_online_python_connector:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00089
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
EPSS
Процентиль: 26%
0.00089
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo