Amazon Web Services (AWS) CLI weak security – CVE-2018-15869

The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS volumes for use in EC2. Found design weakness on Amazon Web Services (AWS) that CLI could provide weaker than expected security, caused by the failure to require the –owners flag when describing images. By setting similar image properties, a remote attacker could exploit this vulnerability to trigger the loading of an undesired AMI.

For details, please refer below url:

https://github.com/hashicorp/packer/issues/6584

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.