Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52311

Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.

Published

2024-11-09T01:15:04.133

Last Modified

2025-10-14T20:15:32.170

Status

Modified

Source

ff89ba41-3aa1-4d27-914a-91399e9639e5

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-613

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amazon	data.all	< 2.6.1	Yes

References

https://aws.amazon.com/security/security-bulletins/AWS-2024-013 Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/releases/tag/v2.6.1 (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/security/advisories/GHSA-p69m-h9rw-584v Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)