PT-2018-13255 · Amazon+1 · Aws Cli+3
Swampdragon
Published: 2018-08-25 · Updated: 2024-06-15 · CVE-2018-15869
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Amazon Web Services (AWS) (affected versions not specified)
Description
The issue arises when an AWS developer fails to specify the --owners flag while describing images via the AWS CLI, so the source of the image is not validated as AWS recommended security best practices call for. This oversight may cause the unintentional loading of an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
Recommendations
For AWS CLI users, as a temporary workaround, consider specifying the --owners flag when describing images to ensure proper validation of source software. Restrict access to the public community AMI catalog to minimize the risk of exploitation. Avoid loading AMIs from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
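One way to apply the --owners recommendation to existing automation is to check scripts for `aws ec2 describe-images` calls that omit the flag. The following is an added example, not code from this advisory or from AWS; the helper name `find_unowned_describe_images` is hypothetical and the sample script is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): flag `aws ec2 describe-images`
# calls in a script that do not pass --owners.

# find_unowned_describe_images FILE   (hypothetical helper name)
# Prints "FILE:LINE: command" per finding; exit status 1 if any, else 0.
find_unowned_describe_images() {
    awk -v file="$1" '
        function check(cmd, lineno) {
            if (cmd ~ /^[ \t]*#/) return                  # whole-line comment
            if (cmd !~ /aws[ \t]+(.*[ \t])?ec2[ \t]+describe-images/) return
            if (cmd ~ /--owners([ \t=]|$)/) return        # owner is pinned
            gsub(/[ \t]+/, " ", cmd)
            printf "%s:%d: %s\n", file, lineno, cmd
            found = 1
        }
        {
            if (buf == "") start = NR                     # first line of a command
            line = $0
            if (line ~ /\\[ \t]*$/) {                     # trailing backslash: keep joining
                sub(/\\[ \t]*$/, " ", line)
                buf = buf line
                next
            }
            check(buf line, start)
            buf = ""
        }
        END { if (buf != "") check(buf, start); exit found + 0 }
    ' "$1"
}

# Constructed sample script: the first and third calls omit --owners.
sample=$(mktemp)
cat > "$sample" <<'EOF'
aws ec2 describe-images --filters "Name=name,Values=my-base-*" \
    --query 'Images[0].ImageId'
aws ec2 describe-images --owners self \
    --filters "Name=name,Values=my-base-*"
aws --region us-east-1 ec2 describe-images --filters "Name=name,Values=web-*"
EOF
find_unowned_describe_images "$sample" || echo "describe-images without --owners found"
```

The non-zero exit status on a finding lets the check fail a CI job or pre-commit hook.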
Exploit
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Aws
Aws Cli
Amazon Machine Image
Suse