CVE-2024-10953

Sažetak

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2024-013
https://github.com/data-dot-all/dataall/releases/tag/v2.6.1
https://github.com/data-dot-all/dataall/security/advisories/GHSA-x4j5-jm65-vp5j

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

14-10-2025 - 19:15

Objavljeno

09-11-2024 - 01:15