Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elastic Sharepoint Online Python Connector Improper Access Control
Vulnerability Description
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Elasticsearch 安全漏洞
Vulnerability Description
Elasticsearch是一个基于Lucene库的搜索引擎。 Elasticsearch 存在安全漏洞,该漏洞源于在 Elastic Sharepoint Online Python 连接器中使用文档级安全性和 SPO “Limited Access” 功能时,如果为用户分配了对 Sharepoint 站点上某个项目的有限访问权限,则该用户将拥有通过 Elasticsearch 读取 Sharepoint 站点上所有内容的权限。
CVSS Information
N/A
Vulnerability Type
N/A