VDB

GCVE-110-CLOUD-2023-0042

GCVE-110-CLOUD-2023-0042
Advisory Published
Vulnetix · Advisory published April 3, 2023
The API action ListVpcConnectorsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would return the information for that account. This would leak minor information about the VPC configuration for App Runner in the account including the subnet ID, security group ID, and the VPC Connector ARN.

Affected Products

VendorProductVersionsPlatforms
AWSApp Runner
AWSConnect
AWSConfig

References

advisory
advisory

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›