CVE-2018-15869

Published: 25/08/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hashicorp packer

Debian Bug report logs - #907298 CVE-2018-15869 Package: src:packer; Maintainer for src:packer is Debian Go Packaging Team <team+pkg-go@trackerdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 26 Aug 2018 06:45:01 UTC Severity: grave Tags: security Found in versions packer/125+dfsg-1, packe ...

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalo ...

CWE-732 https://github.com/hashicorp/packer/issues/6584 http://www.securityfocus.com/bid/105172 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907298 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-15869

CVE-2018-15869

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect