CVE-2024-23447

An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
elasticCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
elasticnetwork_drive_connector
𝑥
< 8.12.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687
https://www.elastic.co/community/security
https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687
https://www.elastic.co/community/security