cvedb.io
CVE-2018-15869
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2018-08-25T00:29:00.227 · Last modified 2026-06-17T01:43:14.280

Summary

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.

Affected products

hashicorp — packer

Does this affect you?

Add your gear to cvedb and we'll alert you only when hashicorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.