VDB
GCVE-110-CLOUD-2020-0015
GCVE-110-CLOUD-2020-0015
Advisory Published
CloudFormation allows the use of Lambda-backed resource providers,
wherein Lambda can be used to write custom provisioning logic to be
executed during CloudFormation stack operations. The aforementioned
Lambda functions were executed in an AWS-managed account (thus
effectively allowing arbitrary code execution in that account),
and were passed a set of credentials ("platformCredentials") for a
role in this account that had several EventBridge permissions.
These were sufficient for an attacker to create new rules in the AWS-managed
account that leaked credentials belonging to other users of resource
providers. For example, creating a rule that matched events with
{"detail-type": ["AWS API Call via CloudTrail"]} exposed records
of other tenants' API calls, which included copies of credentials
for roles in other tenants' accounts.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | CloudFormation | — | — |
| AWS | CloudTrail | — | — |
| AWS | RDS | — | — |
| AWS | Lambda | — | — |
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.