VDB
GCVE-110-CLOUD-2016-0002
GCVE-110-CLOUD-2016-0002
Advisory Published
3rd party vendors can (and sometimes do) incorrectly implement sts:ExternalId in their
AWS role trust policies, leading to confused deputy issues. These misconfigurations could
allow customers to access other customers' data. Although vendors are responsible for
ensuring their own configurations are correct, AWS could theoretically add mitigations
to prevent and detect this issue.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | Cloud Services | — | — |
| AWS | Config | — | — |
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.