VDB
GCVE-110-CLOUD-2024-0033
GCVE-110-CLOUD-2024-0033
Advisory Published
CVE-2024-37293 affects the AWS Deployment Framework's bootstrap process, potentially allowing privilege escalation if an actor has permissions to change CodeBuild projects or Lambda functions. The issue is fixed in version 4.0 and above. AWS recommends immediate upgrade and temporary mitigation by adding a permissions boundary to roles created by ADF in the management account.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | Cloud Services | — | — |
| AWS | AWS Deployment Framework | — | — |
| AWS | CodeBuild | — | — |
| AWS | Lambda | — | — |
Aliases
Browse GCVE Records
72,580 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.