CVE-2024-23447

An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:network_drive_connector:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 5.3
References () https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687 - Vendor Advisory () https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687 - Vendor Advisory
References () https://www.elastic.co/community/security - Vendor Advisory () https://www.elastic.co/community/security - Vendor Advisory

14 Feb 2024, 20:02

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:elastic:network_drive_connector:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other
First Time Elastic
Elastic network Drive Connector
References () https://www.elastic.co/community/security - () https://www.elastic.co/community/security - Vendor Advisory
References () https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687 - () https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687 - Vendor Advisory

07 Feb 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 04:15

Updated : 2024-11-21 08:57


NVD link : CVE-2024-23447

Mitre link : CVE-2024-23447

CVE.ORG link : CVE-2024-23447


JSON object : View

Products Affected

elastic

  • network_drive_connector
CWE
CWE-284

Improper Access Control

NVD-CWE-Other