VDB

GCVE-110-CLOUD-2016-0002

GCVE-110-CLOUD-2016-0002
Advisory Published
Vulnetix · Advisory published November 16, 2016
3rd party vendors can (and sometimes do) incorrectly implement sts:ExternalId in their AWS role trust policies, leading to confused deputy issues. These misconfigurations could allow customers to access other customers' data. Although vendors are responsible for ensuring their own configurations are correct, AWS could theoretically add mitigations to prevent and detect this issue.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services
AWSConfig

References

advisory
advisory

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›