low

App Runner cross-tenant VPC connectors info leak

Published Mon, Apr 3rd, 2023

Platforms

aws

Summary

The API action ListVpcConnectorsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would return the information for that account. This would leak minor information about the VPC configuration for App Runner in the account including the subnet ID, security group ID, and the VPC Connector ARN.

Affected Services

App Runner

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://frichetten.com/blog/minor-cross-tenant-vulns-app-runner

Contributed by https://github.com/frichetten

Entry Status

Finalized

Disclosure Date

Tue, Feb 28th, 2023

Exploitability Period

Until 2023/03/13

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Nick Frichette

More vulnerabilities...

low

App Runner cross-tenant observability config info leak

aws

The API action ListObservabilityConfigurationsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would...

Nick Frichette
critical

Azure on-premises data gateway cross-tenant access

azure

Azure on-premises data gateway allows data transfer between an on-prem customer network and several Azure cloud services, and also enables a connected agent installed locally in an on-prem network ...

Nick Landers, NetSPI
high

RCE vulnerability in Azure Pipelines

azure

Legit Security found an RCE vulnerability in Azure Pipelines that could have allowed an attacker to gain complete control of variables and tasks by exploiting logging commands. This would have enab...

Nadav Noy, Legit Security
View all