CVE-2024-23447: CWE-284: Improper Access Control in Elastic Network Drive Connector

Severity: Medium
Published: Wed Feb 07 2024 (02/07/2024, 03:46:25 UTC)
Source: CVE
Vendor/Project: Elastic
Product: Elastic Network Drive Connector

Description

An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive, it is visible to the user in search applications.

AI-Powered Analysis

Last updated: 06/24/2025, 06:56:30 UTC

Technical Analysis

CVE-2024-23447 is a medium-severity vulnerability classified under CWE-284 (Improper Access Control) affecting the Elastic Network Drive Connector version 8.11.0. This vulnerability arises in the context of Windows Network Drive Connector's Document Level Security (DLS) feature, which is designed to enforce fine-grained permissions on files. Specifically, when permissions are set with an explicit allow for write access but a deny for read access, the affected document becomes inaccessible through the Network Drive interface as intended. However, due to improper access control, these documents remain visible to users via search applications. This visibility leak indicates that the access control mechanisms do not fully enforce confidentiality constraints across all access vectors, allowing users to discover the existence and metadata of files they should not be able to read. The issue does not allow direct reading of the file content through the Network Drive, but the exposure through search applications could lead to information disclosure risks, such as revealing sensitive file names or metadata that could be leveraged for further attacks or social engineering. The vulnerability does not require authentication beyond normal user access and does not appear to require user interaction beyond performing searches. There are no known exploits in the wild at the time of publication, and no patches have been released yet. The vulnerability was reserved and published in early 2024, indicating recent discovery and disclosure by Elastic.

Potential Impact

For European organizations using Elastic Network Drive Connector 8.11.0, this vulnerability poses a risk to confidentiality. Sensitive documents protected by Document Level Security may inadvertently be exposed in search results, potentially leaking sensitive file names or metadata to unauthorized users. This could facilitate reconnaissance activities by malicious insiders or external attackers who have gained user-level access, enabling them to identify valuable targets for further exploitation. While the integrity and availability of files are not directly impacted, the confidentiality breach could have regulatory and compliance implications, especially under GDPR and other data protection laws prevalent in Europe. Organizations in sectors handling sensitive personal data, intellectual property, or classified information—such as finance, healthcare, government, and critical infrastructure—may face increased risk. The visibility of restricted documents in search applications could also undermine trust in the security controls of the affected systems and lead to reputational damage if exploited or disclosed.

Mitigation Recommendations

1. Immediate mitigation should include restricting or disabling the use of Document Level Security with conflicting permissions (allow write but deny read) until a patch is available.
2. Implement strict monitoring and auditing of search application logs to detect unusual access patterns or queries that may indicate attempts to exploit this vulnerability.
3. Limit user permissions to the minimum necessary, especially restricting access to search functionalities that index sensitive documents.
4. Use alternative access control mechanisms or encryption at rest to protect sensitive files beyond the Document Level Security feature.
5. Engage with Elastic support or security advisories to obtain updates on patches or workarounds as soon as they are released.
6. Conduct internal security awareness training to inform users about the potential risks of information leakage through search results.
7. Consider deploying network segmentation or application-layer controls to isolate sensitive document repositories from general user search capabilities.
8. Review and update incident response plans to include scenarios involving improper access control and information leakage through search applications.
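
To support recommendation 1, the following added example (not Elastic's code and not part of the original advisory) audits a share for the allow-write/deny-read combination and flags documents whose indexed reader list includes a principal the file ACL denies. The `Ace` record, the sample paths and users, and the exported `INDEXED` reader lists are constructed assumptions; group expansion and ACE inheritance are not modelled.

```python
from dataclasses import dataclass

FILE_READ_DATA = 0x0001   # Windows file access-right bits
FILE_WRITE_DATA = 0x0002

@dataclass(frozen=True)
class Ace:                # hypothetical record for one access control entry
    principal: str        # user or group name
    kind: str             # "allow" or "deny"
    mask: int             # bitwise OR of access rights

def effective_readers(aces):
    # A principal can read only with an allow-read ACE and no deny-read ACE.
    allowed = {a.principal for a in aces if a.kind == "allow" and a.mask & FILE_READ_DATA}
    denied = {a.principal for a in aces if a.kind == "deny" and a.mask & FILE_READ_DATA}
    return allowed - denied

def conflicting_principals(aces):
    # The combination named in the advisory: allow write together with deny read.
    can_write = {a.principal for a in aces if a.kind == "allow" and a.mask & FILE_WRITE_DATA}
    no_read = {a.principal for a in aces if a.kind == "deny" and a.mask & FILE_READ_DATA}
    return can_write & no_read

def audit(files, indexed):
    # Return {path: principals} listed as readers in the index but not by the ACL.
    findings = {}
    for path, aces in files.items():
        leaked = set(indexed.get(path, ())) - effective_readers(aces)
        if leaked:
            findings[path] = sorted(leaked)
    return findings

# Constructed sample data: ACLs read from the share, and the per-document
# reader list exported from the search index (assumed export format).
FILES = {
    r"\\fs01\hr\salaries.xlsx": [
        Ace("alice", "allow", FILE_READ_DATA | FILE_WRITE_DATA),
        Ace("bob", "allow", FILE_WRITE_DATA),
        Ace("bob", "deny", FILE_READ_DATA),
    ],
    r"\\fs01\hr\handbook.pdf": [
        Ace("alice", "allow", FILE_READ_DATA),
        Ace("bob", "allow", FILE_READ_DATA),
    ],
}
INDEXED = {path: ["alice", "bob"] for path in FILES}

if __name__ == "__main__":
    for path, who in audit(FILES, INDEXED).items():
        print(path, "is visible in search to", who)
```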

Technical Details

Data Version: 5.1
Assigner Short Name: elastic
Date Reserved: 2024-01-16T21:31:26.030Z
CISA Enriched: true

Threat ID: 682d983fc4522896dcbf0ccf

Added to database: 5/21/2025, 9:09:19 AM

Last enriched: 6/24/2025, 6:56:30 AM

Last updated: 7/30/2025, 7:42:00 PM
