Elastic Network Drive Connector Improper Access Control (ESA-2024-02)
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read.
Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
Affected Versions:
Elastic Network Drive Connector before 8.12.1.
Solutions and Mitigations:
The issue is resolved in Elastic Network Drive Connector v8.12.1 and above
CVSSv3: 5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE ID: CVE-2024-23447