CVE-2024-37293
The CVE concerns the AWS Deployment Framework (ADF) bootstrap process. Prior to v4.0.0, the bootstrap CodeBuild role could call sts:AssumeRole without restrictions, enabling escalation to any AWS account in the organization with elevated privileges. Patches are included in aws-deployment-framewor...