VDB

GCVE-110-CLOUD-2024-0024

GCVE-110-CLOUD-2024-0024
Advisory Published
Vulnetix · Advisory published August 7, 2024
Researchers discovered critical vulnerabilities in 6 AWS services that could allow attackers to breach accounts through malicious S3 buckets. By claiming predictable bucket names, attackers could inject code, steal data, or gain admin access. AWS has since fixed the issues, but the attack vector may still apply to other services and open source projects.

Affected Products

VendorProductVersionsPlatforms
AWSS3
AWSCloud Services
AWSCloudFormation, Glue, EMR, SageMaker, CodeStar, ServiceCatalog

References

advisory
advisory

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›