VDB

GCVE-VVD-CLOUD-2021-0025

GCVE-VVD-CLOUD-2021-0025
Advisory Published
Vulnetix · Advisory published June 3, 2021
An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be displayed in the management console in the Elastic Beanstalk section. Due to improper sanitization, an attacker could insert an XSS payload that would execute in a victim's browser.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
AzureAzure Container Instance, Azure Service Fabric, Azure Kubernetes Service, Azure Container Registry, Azure Spring Cloud
AWSElastic Beanstalk
AWSIAM
AzureCloud Services

Aliases

CVE-2021-27075

Transitive aliases

GSD-2021-27075EUVD-2021-13846GHSA-559g-xmx4-7w7vBDU:2021-01362

References

Azure Linux VM extension credential leak
advisory
advisory
advisory
Elastic Beanstalk - XSS in Web Console
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›