VDB

GCVE-110-CLOUD-2022-0016

GCVE-110-CLOUD-2022-0016
Advisory Published
Vulnetix · Advisory published August 19, 2022
Amazon SNS' signature validation in the official SDK relied on a weak regex for default AWS certificate locations, that would incorrectly match an S3 bucket named `sns`. This bucket happened to be publicly readable and writeable, allowing an attacker to forge messages to any user of the official SDK SNS validator.

Affected Products

VendorProductVersionsPlatforms
AWSS3
AWSSNS
AWSAmazon Simple Notification Service (SNS)

References

advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›