PT-2024-35174 · Amazon+1 · Aws+2
Noah-Paige
·
Published
2024-11-08
·
Updated
2025-10-14
·
CVE-2024-52314
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
data.all (affected versions not specified)
Description
A data.all admin team member with access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs via CloudWatch log scanning for particular operations that interact with customer producer teams data.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aws
Cloudwatch
Alldata