App Runner cross-tenant observability config info leak
Published Mon, Apr 3rd, 2023
The API action ListObservabilityConfigurationsForAccount did not properly validate the
"AccountId" parameter that was passed to it. As a result, any account ID could be provided
and the API would return the information for that account. This would leak minor information
about the observability configuration for App Runner in the account.