CVE-2018-15869

CVE-2018-15869

The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the –owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI.

Source: CVE-2018-15869