CVE-2024-52314 MEDIUM

CVE-2024-52314: data.all admin user may access potentially sensitive data stored by producers via logs

Vendor Amazon
Product data.all
Weakness CWE-863 · Incorrect authorization
Published November 9, 2024
Last update October 14, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data.

Key dates

02Disclosure timeline

November 9, 2024 CVE published
October 14, 2025 Record updated