VDB
GCVE-110-CLOUD-2023-0042
GCVE-110-CLOUD-2023-0042
Advisory Published
The API action ListVpcConnectorsForAccount did not properly validate the "AccountId" parameter
that was passed to it. As a result, any account ID could be provided and the API would return
the information for that account. This would leak minor information about the VPC
configuration for App Runner in the account including the subnet ID, security group ID, and the
VPC Connector ARN.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | App Runner | — | — |
| AWS | Connect | — | — |
| AWS | Config | — | — |
Browse GCVE Records
73,280 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.