CVE-2018-15869

CVE-2018-15869

The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the –owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI.

Source: CVE-2018-15869

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다