EIQ-2018-0012
|
ID |
EIQ-2018-0012 (Former ref.: 16142) |
|
CVE |
- |
|
Description |
Access to data sources through rules |
|
Date |
- |
|
Severity |
2 - MEDIUM |
|
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
|
Status |
Planned |
|
Assessment |
A user can access data sources that, based on the permissions associated with the user, would not normally be visible to them by executing rules and search queries. This enables users to apply actions that may accidentally modify the affected assets in an unexpected or undesirable way. |
|
Mitigation |
Permissions should only allow users to access data sources relating to groups that they are a member of. |
|
Affected versions |
2.1.0 to 2.7.1 included. |
|
Notes |
-
See also: |
This section is not visible to users accessing the public docs, it's for internal reference < Back to all security issues and mitigation actions
In release notes 2.7.1
In release notes 2.8.0