CVE-2024-52313
CVSS V2 None
CVSS V3 None
Description
An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.
Overview
- CVE ID
- CVE-2024-52313
- Assigner
- AMZN
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-09T00:43:00.250Z
- Last Modified Date
- 2024-11-09T00:56:37.346Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://aws.amazon.com/security/security-bulletins/AWS-2024-013 | vendor-advisory |
| https://github.com/data-dot-all/dataall/security/advisories/GHSA-hx8q-7wxv-6c7c | third-party-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-52313 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52313 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-09 13:21:03 | Added to TrackCVE |