Lucene search

MitreCVE-2018-15869

HistoryAug 25, 2018 - 12:29 a.m.

CVE-2018-15869

2018-08-2500:29:00

CWE-732

mitre

web.nvd.nist.gov

aws

developer

security

ami

nvd

cve-2018-15869

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.9%

JSON

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.

Affected configurations

Nvd

Node

hashicorppackerRange<1.3.0

VendorProductVersionCPE
hashicorppacker*cpe:2.3:a:hashicorp:packer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hashicorp	packer	*	cpe:2.3:a:hashicorp:packer::::::::

References

www.securityfocus.com/bid/105172

github.com/hashicorp/packer/issues/6584

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.9%

JSON

Related for CVE-2018-15869