low

App Runner cross-tenant VPC connectors info leak

Published Mon, Apr 3rd, 2023

Platforms

Summary

The API action ListVpcConnectorsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would return the information for that account. This would leak minor information about the VPC configuration for App Runner in the account including the subnet ID, security group ID, and the VPC Connector ARN.

Affected Services

App Runner

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://frichetten.com/blog/minor-cross-tenant-vulns-app-runner

Contributed by https://github.com/frichetten

Entry Status

Finalized

Disclosure Date

Tue, Feb 28th, 2023

Exploitablity Period

Until 2023/03/13

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Nick Frichette

More vulnerabilities...

low

App Runner cross-tenant observability config info leak

The API action ListObservabilityConfigurationsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would...

Nick Frichette

Mon, Apr 3rd, 2023

critical

Azure on-premises data gateway cross-tenant access

Azure on-premises data gateway allows data transfer between an on-prem customer network and several Azure cloud services, and also enables a connected agent installed locally in an on-prem network ...

Nick Landers, NetSPI

Thu, Mar 30th, 2023

high

RCE vulnerability in Azure Pipelines

Legit Security found an RCE vulnerability in Azure Pipelines that could have allowed an attacker to gain complete control of variables and tasks by exploiting logging commands. This would have enab...

Nadav Noy, Legit Security

Thu, Mar 30th, 2023

View all