← volver
CVE-2024-52311

data.all does not invalidate authentication token upon user logout

CVSS 5.3 MEDIUMEPSS 0.5%CWE-613
Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Productos afectados
amazon · data.all

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://aws.amazon.com/security/security-bulletins/AWS-2024-013https://github.com/data-dot-all/dataall/releases/tag/v2.6.1https://github.com/data-dot-all/dataall/security/advisories/GHSA-p69m-h9rw-584v