Vulnerability Details CVE-2024-52313
An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.0%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2024-52313
-
cpe:2.3:a:amazon:data.all:1.0.0
-
cpe:2.3:a:amazon:data.all:1.1.0
-
cpe:2.3:a:amazon:data.all:1.1.1
-
cpe:2.3:a:amazon:data.all:1.1.2
-
cpe:2.3:a:amazon:data.all:1.2.0
-
cpe:2.3:a:amazon:data.all:1.2.1
-
cpe:2.3:a:amazon:data.all:1.2.2
-
cpe:2.3:a:amazon:data.all:1.2.3
-
cpe:2.3:a:amazon:data.all:1.3.0
-
cpe:2.3:a:amazon:data.all:1.3.1
-
cpe:2.3:a:amazon:data.all:1.4.0
-
cpe:2.3:a:amazon:data.all:1.4.1
-
cpe:2.3:a:amazon:data.all:1.4.2
-
cpe:2.3:a:amazon:data.all:1.4.3
-
cpe:2.3:a:amazon:data.all:1.5.0
-
cpe:2.3:a:amazon:data.all:1.5.1
-
cpe:2.3:a:amazon:data.all:1.5.2
-
cpe:2.3:a:amazon:data.all:1.5.3
-
cpe:2.3:a:amazon:data.all:1.5.4
-
cpe:2.3:a:amazon:data.all:1.5.5
-
cpe:2.3:a:amazon:data.all:1.5.6
-
cpe:2.3:a:amazon:data.all:1.6.0
-
cpe:2.3:a:amazon:data.all:1.6.1
-
cpe:2.3:a:amazon:data.all:1.6.2
-
cpe:2.3:a:amazon:data.all:2.0.0
-
cpe:2.3:a:amazon:data.all:2.1.0
-
cpe:2.3:a:amazon:data.all:2.2.0
-
cpe:2.3:a:amazon:data.all:2.3.0
-
cpe:2.3:a:amazon:data.all:2.4.0
-
cpe:2.3:a:amazon:data.all:2.5.0
-
cpe:2.3:a:amazon:data.all:2.6.0