Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52314

A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data.

Published

2024-11-09T01:15:05.863

Last Modified

2025-10-14T19:15:37.033

Status

Modified

Source

ff89ba41-3aa1-4d27-914a-91399e9639e5

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amazon	data.all	< 2.6.1	Yes

References

https://aws.amazon.com/security/security-bulletins/AWS-2024-013 Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/releases/tag/v2.6.1 (ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/data-dot-all/dataall/security/advisories/GHSA-p2h8-r28g-5q6h Vendor Advisory (ff89ba41-3aa1-4d27-914a-91399e9639e5)