VDB

CVE-2024-52313

CVE-2024-52313 PUBLISHED CVSS 5.300000190734863 MEDIUM

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.

EPSS 0.27% · 51.0th percentile

Risk Scores

CVSS 4.0
5.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.27%
51.0th percentile

Affected Products

VendorProductVersions
amazondata.all1.0.0, 1.0.0

Timeline

  • Nov 9, 2024 EPSS Score
  • Nov 9, 2024 Coalition ESS Score
  • Nov 9, 2024 Coalition ESS Score
  • Nov 9, 2024 CVE Published
  • Nov 12, 2024 Coalition ESS Score
  • Nov 27, 2024 EPSS Score
  • Dec 16, 2024 EPSS Score
  • Jan 2, 2025 EPSS Score
  • Jan 20, 2025 EPSS Score
  • Feb 7, 2025 EPSS Score
  • Feb 25, 2025 EPSS Score
  • Mar 15, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›