CVE-2018-15869
MEDIUMHashicorp Packer < 1.3.0 - Incorrect Permission Assignment
Title source: ruleDescription
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105172
Third Party Advisory x_refsource_misc
https://github.com/hashicorp/packer/issues/6584
Scores
CVSS v3
5.3
EPSS
0.0055
EPSS Percentile
68.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-732
Status
published
Products (1)
hashicorp/packer
< 1.3.0
Published
Aug 25, 2018
Tracked Since
Feb 18, 2026