An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2023-10-26T16:16:10.888Z
Updated: 2024-09-09T15:51:59.819Z
Reserved: 2023-10-24T17:28:32.185Z
Link: CVE-2023-46666
Vulnrichment
Updated: 2024-08-02T20:53:21.650Z
NVD
Status : Modified
Published: 2023-10-26T17:15:09.270
Modified: 2024-11-21T08:29:01.290
Link: CVE-2023-46666
Redhat
No data.