Vulnerability Description
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Network Drive Connector | < 8.12.1 |
Related Weaknesses (CWE)
References
- https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-updVendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
- https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-updVendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
FAQ
What is CVE-2024-23447?
CVE-2024-23447 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not...
How severe is CVE-2024-23447?
CVE-2024-23447 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23447?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic Network Drive Connector.