Lucene search

[email protected]CVE-2024-23447

HistoryFeb 07, 2024 - 4:15 a.m.

CVE-2024-23447

2024-02-0704:15:07

CWE-284

[email protected]

web.nvd.nist.gov

cve-2024-23447

windows

network drive connector

document level security

nvd

file permissions

search applications.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.

Affected configurations

NVD

Node

elasticnetwork_drive_connectorRange<8.12.1

CPENameOperatorVersion
elastic:network_drive_connectorelastic network drive connectorlt8.12.1

CPE	Name	Operator	Version
elastic:network_drive_connector	elastic network drive connector	lt	8.12.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Elastic Network Drive Connector",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThan": "8.12.1",
        "status": "affected",
        "version": "8.11.0",
        "versionType": "semver"
      }
    ]
  }
]

References

discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687

www.elastic.co/community/security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVE-2024-23447

nvd1 cvelist1 prion1 vulnrichment1