VDB
CVE-2024-52313
CVE-2024-52313
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.
EPSS 0.27% · 51.0th percentile
Risk Scores
CVSS 4.0
5.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.27%
51.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| amazon | data.all | 1.0.0, 1.0.0 |
Exploit Intelligence
Timeline
- Nov 9, 2024 EPSS Score
- Nov 9, 2024 Coalition ESS Score
- Nov 9, 2024 Coalition ESS Score
- Nov 9, 2024 CVE Published
- Nov 12, 2024 Coalition ESS Score
- Nov 27, 2024 EPSS Score
- Dec 16, 2024 EPSS Score
- Jan 2, 2025 EPSS Score
- Jan 20, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
- Feb 25, 2025 EPSS Score
- Mar 15, 2025 EPSS Score