CVE-2023-46666 Information

Description

An issue was discovered when using Document Level Security and the SPO \Limited Access\ functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.

Reference

https://www.elastic.co/community/security https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732