An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105172 | Third Party Advisory VDB Entry |
https://github.com/hashicorp/packer/issues/6584 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-25T00:00:00
Updated: 2018-08-30T09:57:01
Reserved: 2018-08-24T00:00:00
Link: CVE-2018-15869
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-25T00:29:00.227
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-15869
JSON object: View
Redhat Information
No data.
CWE