CVE-2024-52313 Vulnerability Details

  /     /     /  

CVE-2024-52313 Metadata Quick Info

CVE Published: 09/11/2024 | CVE Updated: 12/11/2024 | CVE Year: 2024
Source: AMZN | Vendor: amazon | Product: data.all
Status : PUBLISHED

CVE-2024-52313 Description

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-863
CWE Name: CWE-863 Incorrect AuthorizationCAPEC-122
Source: amazon

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-122
CAPEC Description: CAPEC-122 Privilege Abuse