VDB
GCVE-110-CLOUD-2023-0054
GCVE-110-CLOUD-2023-0054
Advisory Published
A privilege escalation vulnerability in Amazon EC2 Autoscaling was identified. The CreateLaunchConfiguration action lacked PassRole validation, allowing users to launch EC2 instances with unauthorized roles. AWS fixed the issue for both CreateLaunchConfiguration and CreateAutoScalingGroup actions, implementing proper PassRole validation when using the instance-id option.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | Cloud Services | — | — |
| AWS | Config | — | — |
| AWS | EC2 | — | — |
| AWS | Amazon EC2 Autoscaling | — | — |
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.