CVE-2018-15869

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-15869

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-15869.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-15869

Related

Published

2018-08-25T00:29:00Z

Modified

2025-01-08T04:54:36.224916Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.

References

Affected packages

Debian:11 / packer

Package

Name: packer
Purl: pkg:deb/debian/packer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / packer

Package

Name: packer
Purl: pkg:deb/debian/packer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/hashicorp/packer

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/packer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

20eb6c98edcbb5cd3b78299c8ca1b5cba67ce0cb

Affected versions

v0.*

v0.10.0

v0.10.1

v0.11.0

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.7.2

v0.7.5

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.5

v0.8.6

v0.9.0

v0.9.0-rc2

v1.*

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.3

v1.2.4

v1.2.5