CVE-2024-52311

Sažetak

Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2024-013
https://github.com/data-dot-all/dataall/releases/tag/v2.6.1
https://github.com/data-dot-all/dataall/security/advisories/GHSA-p69m-h9rw-584v

CVSS

Base:	6.3
Impact:	3.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Zadnje važnije ažuriranje

14-10-2025 - 20:15

Objavljeno

09-11-2024 - 01:15