Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10953

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.

Published

2024-11-09T01:15:03.427

Last Modified

2025-10-14T19:15:36.063

Status

Modified

Source

ff89ba41-3aa1-4d27-914a-91399e9639e5

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amazon	data.all	< 2.6.1	Yes

References

https://aws.amazon.com/security/security-bulletins/AWS-2024-013 Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/releases/tag/v2.6.1 (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/security/advisories/GHSA-x4j5-jm65-vp5j Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)