CVE-2024-52312

Source
https://cve.org/CVERecord?id=CVE-2024-52312
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52312.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52312
Aliases
  • GHSA-676j-g6g5-chj9
Published
2024-11-09T00:43:04.986Z
Modified
2026-07-08T06:27:43.063068763Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
data.all authenticated users can perform restricted operations against DataSets and Environments
Details

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments.

Database specific
{
    "cna_assigner": "AMZN",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52312.json"
}
References

Affected packages

Git / github.com/data-dot-all/dataall

Affected ranges

Type
GIT
Repo
https://github.com/data-dot-all/dataall
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "2.6.0"
        },
        {
            "fixed": "2.6.1"
        }
    ],
    "cpe": "cpe:2.3:a:amazon:data.all:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.6.0
v1.6.1
v1.6.2
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52312.json"