VDB

GCVE-110-CLOUD-2020-0015

GCVE-110-CLOUD-2020-0015
Advisory Published
Vulnetix · Advisory published September 22, 2020
CloudFormation allows the use of Lambda-backed resource providers, wherein Lambda can be used to write custom provisioning logic to be executed during CloudFormation stack operations. The aforementioned Lambda functions were executed in an AWS-managed account (thus effectively allowing arbitrary code execution in that account), and were passed a set of credentials ("platformCredentials") for a role in this account that had several EventBridge permissions. These were sufficient for an attacker to create new rules in the AWS-managed account that leaked credentials belonging to other users of resource providers. For example, creating a rule that matched events with {"detail-type": ["AWS API Call via CloudTrail"]} exposed records of other tenants' API calls, which included copies of credentials for roles in other tenants' accounts.

Affected Products

VendorProductVersionsPlatforms
AWSCloudFormation
AWSCloudTrail
AWSRDS
AWSLambda

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›