VDB

GCVE-110-CLOUD-2023-0032

GCVE-110-CLOUD-2023-0032
Advisory Published
Vulnetix · Advisory published June 7, 2023
AWS Directory Service didn't check the iam:PassRole permissions when using the EnableRoleAccess action. This could have been used for privilege escalation by an authenticated user with sufficient permissions (ds:EnableRoleAccess), if the role had a trust policy that allowed use by Directory Service.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services
AWSDirectory Service
AWSIAM

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›