VDB
GCVE-110-CLOUD-2023-0005
GCVE-110-CLOUD-2023-0005
Advisory Published
AWS IAM Identity Center exchanges third-party OIDC tokens for
Identity Center-issued tokens. Identity Center relies on the jti
claim in the third-party tokens to prevent replay attacks.
Identity Center maintained a cache of previously-seen jti values
for a fixed period (24 hours) and didn’t enforce that the third-party
tokens had expiry claims. This meant that a token with a jti claim and
without an exp claim could be replayed after >24 hours had passed.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | Cloud Services | — | — |
| AWS | IAM | — | — |
| AWS | Identity Center | — | — |
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.