CVE-2024-23447 MEDIUM

CVE-2024-23447: Elastic Network Drive Connector Improper Access Control

Vendor Elastic
Product Elastic Network Drive Connector
Weakness CWE-284
Published February 7, 2024
Last update April 24, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.

Key dates

02Disclosure timeline

February 7, 2024 CVE published
April 24, 2025 Record updated