← Back

CVE-2024-52313

nvd nist
Published: Nov 9, 2024Modified: Oct 14, 2025

JSON object

Loading...
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5 (Secondary)

Description

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.

Affected (1)

Products: Amazon: Data.all
Amazon
1 product
Data.all
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Data.all
From 1.0.0 to 2.6.1

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Vendor Advisory
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Vendor Advisory

Timeline

No history available yet.