CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-46666

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.4%

CVSS Severity

CVSS v3 Score 5.3

References

https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732
https://www.elastic.co/community/security
https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732
https://www.elastic.co/community/security

Products affected by CVE-2023-46666

Elastic » Elastic Sharepoint Online Python Connector » Version: Any

cpe:2.3:a:elastic:elastic_sharepoint_online_python_connector:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-46666

Products

Pricing

Contact Us