CVE-2024-10953

Published Nov 9, 2024

Last updated 5 days ago

CVSS medium 5.3

Overview

Description
An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

ff89ba41-3aa1-4d27-914a-91399e9639e5
CWE-863

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10953 (Published: 2024-11-09) - A high-severity vulnerability in Amazon Web Services (AWS) affects multiple versions. Ensure your systems are updated to mitigate risks. For detailed remediation steps, check the security bulletin: https://t.co/HFHcLs9oiO #CyberSecurity

    @transilienceai

    11 Nov 2024

    13 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10953 (Published: 2024-11-09) - High severity vulnerability in Amazon Web Services (AWS). Affects specific versions. Remediation details available at: https://t.co/HFHcLs9oiO. Ensure your systems are updated to protect against potential exploits! #CyberSecurity #AWS

    @transilienceai

    11 Nov 2024

    5 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10953 (Published: 2024-11-09) - High severity vulnerability in Amazon Web Services (AWS). Affects specific versions. Remediation is crucial! Check the security bulletin for details: https://t.co/HFHcLs9oiO #AWS #CyberSecurity #CVE

    @transilienceai

    11 Nov 2024

    1 Impression

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10953 An authenticated data.all user is able to perform mutating UPDATE operat... https://t.co/3HIQv4GqXe Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    9 Nov 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-10953 An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is … https://t.co/kBn2rOr84v

    @CVEnew

    9 Nov 2024

    405 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References