VDB

GCVE-110-CLOUD-2024-0033

GCVE-110-CLOUD-2024-0033
Advisory Published
Vulnetix · Advisory published June 11, 2024
CVE-2024-37293 affects the AWS Deployment Framework's bootstrap process, potentially allowing privilege escalation if an actor has permissions to change CodeBuild projects or Lambda functions. The issue is fixed in version 4.0 and above. AWS recommends immediate upgrade and temporary mitigation by adding a permissions boundary to roles created by ADF in the management account.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services
AWSAWS Deployment Framework
AWSCodeBuild
AWSLambda

References

advisory

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›