VDB
CVE-2024-52311
CVE-2024-52311
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.
EPSS 0.31% · 54.8th percentile
Risk Scores
CVSS 4.0
5.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.31%
54.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| amazon | data.all | 1.0.0, 1.0.0 |
Exploit Intelligence
Timeline
- Nov 9, 2024 EPSS Score
- Nov 9, 2024 Coalition ESS Score
- Nov 9, 2024 Coalition ESS Score
- Nov 9, 2024 CVE Published
- Nov 12, 2024 Coalition ESS Score
- Nov 27, 2024 EPSS Score
- Dec 16, 2024 EPSS Score
- Jan 2, 2025 EPSS Score
- Jan 20, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
- Feb 25, 2025 EPSS Score
- Mar 15, 2025 EPSS Score