Vulnerability Details CVE-2024-52311
Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.5%
CVSS Severity
CVSS v3 Score 6.3
References
Products affected by CVE-2024-52311
-
cpe:2.3:a:amazon:data.all:1.0.0
-
cpe:2.3:a:amazon:data.all:1.1.0
-
cpe:2.3:a:amazon:data.all:1.1.1
-
cpe:2.3:a:amazon:data.all:1.1.2
-
cpe:2.3:a:amazon:data.all:1.2.0
-
cpe:2.3:a:amazon:data.all:1.2.1
-
cpe:2.3:a:amazon:data.all:1.2.2
-
cpe:2.3:a:amazon:data.all:1.2.3
-
cpe:2.3:a:amazon:data.all:1.3.0
-
cpe:2.3:a:amazon:data.all:1.3.1
-
cpe:2.3:a:amazon:data.all:1.4.0
-
cpe:2.3:a:amazon:data.all:1.4.1
-
cpe:2.3:a:amazon:data.all:1.4.2
-
cpe:2.3:a:amazon:data.all:1.4.3
-
cpe:2.3:a:amazon:data.all:1.5.0
-
cpe:2.3:a:amazon:data.all:1.5.1
-
cpe:2.3:a:amazon:data.all:1.5.2
-
cpe:2.3:a:amazon:data.all:1.5.3
-
cpe:2.3:a:amazon:data.all:1.5.4
-
cpe:2.3:a:amazon:data.all:1.5.5
-
cpe:2.3:a:amazon:data.all:1.5.6
-
cpe:2.3:a:amazon:data.all:1.6.0
-
cpe:2.3:a:amazon:data.all:1.6.1
-
cpe:2.3:a:amazon:data.all:1.6.2
-
cpe:2.3:a:amazon:data.all:2.0.0
-
cpe:2.3:a:amazon:data.all:2.1.0
-
cpe:2.3:a:amazon:data.all:2.2.0
-
cpe:2.3:a:amazon:data.all:2.3.0
-
cpe:2.3:a:amazon:data.all:2.4.0
-
cpe:2.3:a:amazon:data.all:2.5.0
-
cpe:2.3:a:amazon:data.all:2.6.0