7 matches found

RedhatCVE
added 2025/05/23 8:18 a.m. · 3 views

CVE-2024-10953

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of...

CVSS 5.3 · AI score 6.7 · EPSS 0.00308
Exploits: 0 · References: 1

OSV
added 2024/11/09 1:15 a.m. · 1 view

CVE-2024-52314

A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data...

CVSS 6.9 · AI score 6.8
Exploits: 0 · References: 3

OSV
added 2024/11/09 1:15 a.m. · 1 view

CVE-2024-52311

Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing a previously authenticated user to continue execution of authorized API requests until the token is expired...

CVSS 5.3 · AI score 7
Exploits: 0 · References: 3

OSV
added 2024/11/09 1:15 a.m. · 1 view

CVE-2024-10953

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of...

CVSS 5.3 · AI score 6.8
Exploits: 0 · References: 3

CNNVD
added 2024/11/09 12:00 a.m. · 2 views

data.all security vulnerability

data.all is an open source development framework from data-dot-all open source. A security vulnerability exists in data.all that stems from the fact that authentication tokens issued via Cognito in data.all do not expire upon logout, allowing previously authenticated users to continue to perform...

CVSS 6.3 · AI score 6.8 · EPSS 0.00313
Exploits: 0 · References: 3

CNNVD
added 2024/11/09 12:00 a.m. · 2 views

data.all security vulnerability

data.all is an open source development framework from data-dot-all open source. A security vulnerability exists in data.all versions prior to 2.6.0, which stems from the ability of an authenticated user to perform a mutated UPDATE operation on a persistent notification record in data.all to targe...

CVSS 5.3 · AI score 6.5 · EPSS 0.00308
Exploits: 0 · References: 3

Positive Technologies
added 2024/11/08 12:00 a.m. · 3 views

PT-2024-35174 · Amazon +1 · Cloudwatch +2

Name of the Vulnerable Software and Affected Versions: data.all (affected versions not specified)

Description: A data.all admin team member with access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs via CloudWatch log...

CVSS 6.9 · AI score 6.8 · EPSS 0.00241
Exploits: 0 · References: 8