EIQ-2018-0012



ID

EIQ-2018-0012

(Former ref.: 16142)

CVE

-

Description

Access to data sources through rules

Date

-

Severity

2 - MEDIUM

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

Planned

Assessment

A user can access data sources that, based on the permissions associated with the user, would not normally be visible to them by executing rules and search queries.

This enables users to apply actions that may accidentally modify the affected assets in an unexpected or undesirable way.

Mitigation

Permissions should only allow users to access data sources relating to groups that they are a member of.

Affected versions

2.1.0 to 2.7.1 included.

Notes

-

images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/information.svg    This section is not visible to users accessing the public docs, it's for internal reference   images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/information.svg

See also:

< Back to all security issues and mitigation actions


In release notes 2.7.1

In release notes 2.8.0