{"id":"UBUNTU-CVE-2018-15869","details":"An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.","modified":"2026-05-20T16:06:10.633649353Z","published":"2018-08-25T00:29:00Z","upstream":["CVE-2018-15869"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-15869"},{"type":"REPORT","url":"https://github.com/hashicorp/packer/issues/6584"},{"type":"REPORT","url":"https://github.com/aws/aws-cli/issues/3629"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-15869"}],"affected":[{"package":{"name":"packer","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/packer?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.0.2+dfsg-1","1.0.4+dfsg-1","1.0.4+dfsg-1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"packer","binary_version":"1.0.4+dfsg-1ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-15869.json"}},{"package":{"name":"packer","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/packer?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.4+dfsg-4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.3.4+dfsg-4","binary_name":"packer"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-15869.json"}},{"package":{"name":"packer","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/packer?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.6.6+ds1-2","1.6.6+ds1-4","1.6.6+ds1-4ubuntu0.22.04.1","1.6.6+ds1-4ubuntu0.22.04.2","1.6.6+ds1-4ubuntu0.22.04.3","1.6.6+ds1-4ubuntu0.22.04.3+esm1","1.6.6+ds1-4ubuntu0.22.04.3+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"packer","binary_version":"1.6.6+ds1-4ubuntu0.22.04.3+esm2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-15869.json"}},{"package":{"name":"awscli","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/awscli?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.23.6-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.23.6-1","binary_name":"awscli"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-15869.json"}},{"package":{"name":"awscli","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/awscli?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.23.6-1","2.31.35-1"],"ecosystem_specific":{"binaries":[{"binary_name":"awscli","binary_version":"2.31.35-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-15869.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}