CVE-2024-52314

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-52314

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52314.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52314

Aliases

GHSA-p2h8-r28g-5q6h

Published

2024-11-09T01:15:05.863Z

Modified

2025-11-20T12:31:20.176999Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data.

References

Affected packages

Git / github.com/data-dot-all/dataall

Affected ranges

Type: GIT
Repo: https://github.com/data-dot-all/dataall
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4b9d784cdcfd24be0f85af121cb94cc63c5eb3be

Affected versions

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.6.0

v1.6.1

v1.6.2

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.3.0

v2.4.0

v2.5.0

v2.6.0