VDB
GCVE-110-CLOUD-2023-0013
GCVE-110-CLOUD-2023-0013
Advisory Published
AppFlow had an undocumented service called sandstoneconfigurationservicelambda.
An undocumented field (awsOwnedManagedAppCredentialsArn) could be used during
connector registration and connector updates. Specifying a victim's Secret ARN
as that field disclosed the clientId and clientSecret, so long as the victim
Secret ARN belonged to a connection profile which is of the type
OAuth or contains clientId and clientSecret.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | Connect | — | — |
| AWS | Cloud Services | — | — |
| AWS | AppFlow | — | — |
| AWS | Config | — | — |
| AWS | Lambda | — | — |
| AWS | ECR | — | — |
Browse GCVE Records
72,580 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.