cvelist/2024/52xxx/CVE-2024-52314.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-52314",
        "ASSIGNER": "aws-security@amazon.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-863 Incorrect Authorization",
                        "cweId": "CWE-863"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "amazon",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "data.all",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "1.0.0",
                                            "version_value": "2.6.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-013",
                "refsource": "MISC",
                "name": "https://aws.amazon.com/security/security-bulletins/AWS-2024-013"
            },
            {
                "url": "https://github.com/data-dot-all/dataall/security/advisories/GHSA-p2h8-r28g-5q6h",
                "refsource": "MISC",
                "name": "https://github.com/data-dot-all/dataall/security/advisories/GHSA-p2h8-r28g-5q6h"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>A fix for this issue is available in data.all version 2.6.1 and later. Customers are advised to upgrade to version 2.6.1 or later.</p><br>"
                }
            ],
            "value": "A fix for this issue is available in data.all version 2.6.1 and later. Customers are advised to upgrade to version 2.6.1 or later."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2024-11-06 22:00:35 +00:00			`{`
"-Synchronized-Data." 2024-11-09 01:00:34 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-11-06 22:00:35 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-52314",`
"-Synchronized-Data." 2024-11-09 01:00:34 +00:00			`"ASSIGNER": "aws-security@amazon.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-11-06 22:00:35 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-11-09 01:00:34 +00:00			`"value": "A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-863 Incorrect Authorization",`
			`"cweId": "CWE-863"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "amazon",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "data.all",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "1.0.0",`
			`"version_value": "2.6.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-013",`
			`"refsource": "MISC",`
			`"name": "https://aws.amazon.com/security/security-bulletins/AWS-2024-013"`
			`},`
			`{`
			`"url": "https://github.com/data-dot-all/dataall/security/advisories/GHSA-p2h8-r28g-5q6h",`
			`"refsource": "MISC",`
			`"name": "https://github.com/data-dot-all/dataall/security/advisories/GHSA-p2h8-r28g-5q6h"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.2.0"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "<p>A fix for this issue is available in data.all version 2.6.1 and later. Customers are advised to upgrade to version 2.6.1 or later.</p><br>"`
			`}`
			`],`
			`"value": "A fix for this issue is available in data.all version 2.6.1 and later. Customers are advised to upgrade to version 2.6.1 or later."`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.9,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "HIGH",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",`
			`"version": "3.1"`
"-Synchronized-Data." 2024-11-06 22:00:35 +00:00			`}`
			`]`
			`}`
			`}`