Vendor
data.all
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52314 | 0.00 | — | 0.00 | Nov 9, 2024 | A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data. | |||
| CVE-2024-52313 | 0.00 | — | 0.00 | Nov 9, 2024 | An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all. | |||
| CVE-2024-10953 | 0.00 | — | 0.00 | Nov 9, 2024 | An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of. |
- CVE-2024-52314Nov 9, 2024risk 0.00cvss —epss 0.00
A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data.
- CVE-2024-52313Nov 9, 2024risk 0.00cvss —epss 0.00
An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.
- CVE-2024-10953Nov 9, 2024risk 0.00cvss —epss 0.00
An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.