CVE-2024-52312 MEDIUM

CVE-2024-52312: data.all authenticated users can perform restricted operations against DataSets and Environments

Vendor Amazon
Product data.all
Weakness CWE-863 · Incorrect authorization
Published November 9, 2024
Last update October 14, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments.

Key dates

02 Disclosure timeline

November 9, 2024 CVE published
October 14, 2025 Record updated