VDB
GCVE-110-CLOUD-2022-0048
GCVE-110-CLOUD-2022-0048
Advisory Published
When customers attach a CodeBuild project to their VPC, CodeBuild’s build container
will apply the same network routing rules as defined in the customer’s VPC Security Group.
However, CodeBuild EC2 hosts retained Internet connectivity via AWS's own VPC, thus allowing
an attacker to bypass any custom VPC rules the customer had set up, and use CodeBuild for
data exfiltration from the targeted environment. AWS later updated the CodeBuild service
to block all outbound network access for newly created CodeBuild projects which contain a
customer-defined VPC configuration.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | Connect | — | — |
| AWS | Cloud Services | — | — |
| AWS | Config | — | — |
| AWS | CodeBuild | — | — |
| AWS | EC2 | — | — |
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.