An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2023-10-26T16:16:10.888Z

Updated: 2024-09-09T15:51:59.819Z

Reserved: 2023-10-24T17:28:32.185Z

Link: CVE-2023-46666

cve-icon Vulnrichment

Updated: 2024-08-02T20:53:21.650Z

cve-icon NVD

Status : Modified

Published: 2023-10-26T17:15:09.270

Modified: 2024-11-21T08:29:01.290

Link: CVE-2023-46666

cve-icon Redhat

No data.