Home > Vulnerability Database > CVE-2024-52314

Mend.io Vulnerability Database

CVE-2024-52314

Good to know:

Date: November 8, 2024

A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data.

Language: C

Severity Score

4.9

Related Resources (4)

Url: https://github.com/data-dot-all/dataall/security/advisories/GHSA-p2h8-r28g-5q6h

Url: https://aws.amazon.com/security/security-bulletins/AWS-2024-013

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52314

Url: https://www.mend.io/vulnerability-database/CVE-2024-52314

Severity Score

4.9

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v2.6.1

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52314

Good to know:

Date: November 8, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?