CVE-2024-52313

Sažetak

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2024-013
https://github.com/data-dot-all/dataall/releases/tag/v2.6.1
https://github.com/data-dot-all/dataall/security/advisories/GHSA-hx8q-7wxv-6c7c

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

14-10-2025 - 20:15

Objavljeno

09-11-2024 - 01:15