Elastic Network Drive Connector Improper Access Control (ESA-2024-02)
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read.
Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
Elastic Network Drive Connector before 8.12.1.
Solutions and Mitigations:
The issue is resolved in Elastic Network Drive Connector v8.12.1 and above
CVSSv3: 5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE ID: CVE-2024-23447