VDB

GCVE-110-CLOUD-2023-0005

GCVE-110-CLOUD-2023-0005
Advisory Published
Vulnetix · Advisory published December 19, 2023
AWS IAM Identity Center exchanges third-party OIDC tokens for Identity Center-issued tokens. Identity Center relies on the jti claim in the third-party tokens to prevent replay attacks. Identity Center maintained a cache of previously-seen jti values for a fixed period (24 hours) and didn’t enforce that the third-party tokens had expiry claims. This meant that a token with a jti claim and without an exp claim could be replayed after >24 hours had passed.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services
AWSIAM
AWSIdentity Center

References

advisory

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›