VDB

GCVE-110-CLOUD-2023-0054

GCVE-110-CLOUD-2023-0054
Advisory Published
Vulnetix · Advisory published February 14, 2023
A privilege escalation vulnerability in Amazon EC2 Autoscaling was identified. The CreateLaunchConfiguration action lacked PassRole validation, allowing users to launch EC2 instances with unauthorized roles. AWS fixed the issue for both CreateLaunchConfiguration and CreateAutoScalingGroup actions, implementing proper PassRole validation when using the instance-id option.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services
AWSConfig
AWSEC2
AWSAmazon EC2 Autoscaling

References

advisory
advisory

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›