{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T03:47:21.762","vulnerabilities":[{"cve":{"id":"CVE-2024-52311","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2024-11-09T01:15:04.133","lastModified":"2025-10-14T20:15:32.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired."},{"lang":"es","value":"Los tokens de autenticación emitidos a través de Cognito en data.all no se invalidan al cerrar la sesión, lo que permite que el usuario previamente autenticado continúe con la ejecución de solicitudes API autorizadas hasta que el token caduque."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:data.all:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.6.1","matchCriteriaId":"40A41C20-B492-4201-8487-8BE4B262F770"}]}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/AWS-2024-013","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]},{"url":"https://github.com/data-dot-all/dataall/releases/tag/v2.6.1","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/data-dot-all/dataall/security/advisories/GHSA-p69m-h9rw-584v","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]}]}}]}