EIQ-2018-0012#

ID

EIQ-2018-0012

(Former ref.: 16142)

CVE

-

Description

Access to data sources through rules

Date

-

Severity

2 - MEDIUM

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

Planned

Assessment

A user can access data sources that, based on the permissions associated with the user, would not normally be visible to them by executing rules and search queries.

This enables users to apply actions that may accidentally modify the affected assets in an unexpected or undesirable way.

Mitigation

Permissions should only allow users to access data sources relating to groups that they are a member of.

Affected versions

2.1.0 to 2.7.1 included.

Notes

-