Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52313

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.

Published

2024-11-09T01:15:05.363

Last Modified

2025-10-14T20:15:32.973

Status

Modified

Source

ff89ba41-3aa1-4d27-914a-91399e9639e5

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amazon	data.all	< 2.6.1	Yes

References

https://aws.amazon.com/security/security-bulletins/AWS-2024-013 Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/releases/tag/v2.6.1 (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/security/advisories/GHSA-hx8q-7wxv-6c7c Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)