VYPR
Unrated severityNVD Advisory· Published Oct 26, 2023· Updated Sep 9, 2024

Elastic Sharepoint Online Python Connector Improper Access Control

CVE-2023-46666

Description

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.