The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the --owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI.

References:
https://github.com/hashicorp/packer/issues/6584
Created awscli tracking bugs for this issue:

Affects: fedora-all [bug 1623096]
Closing this bug as NOTABUG; I have asked MITRE for rejection, since the issue does not seem to be in AWS CLI but in Packer.
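
The owner check this report turns on, shown as an added example (not code from AWS CLI, Packer, or anyone in this bug): the Python below runs over a constructed describe-images-style response and compares name-only AMI selection with selection pinned to an owner allowlist. The account IDs, image IDs, image names and helper function names are assumptions made for the illustration.

```python
import fnmatch
import json

# Constructed sample shaped like `aws ec2 describe-images` JSON output.
# Account IDs, image IDs and names are placeholders, not real values.
SAMPLE_RESPONSE = json.loads("""
{"Images": [
  {"ImageId": "ami-00000000000000001", "OwnerId": "111111111111",
   "Name": "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180801",
   "CreationDate": "2018-08-01T10:00:00.000Z"},
  {"ImageId": "ami-00000000000000002", "OwnerId": "111111111111",
   "Name": "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814",
   "CreationDate": "2018-08-14T10:00:00.000Z"},
  {"ImageId": "ami-00000000000000003", "OwnerId": "999999999999",
   "Name": "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180820",
   "CreationDate": "2018-08-20T10:00:00.000Z"}
]}
""")

TRUSTED_OWNERS = {"111111111111"}  # assumed allowlist of publisher account IDs
NAME_PATTERN = "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"


def newest_by_name(images, pattern):
    """Name-only selection: any account that publishes a matching name can win."""
    hits = [i for i in images if fnmatch.fnmatchcase(i["Name"], pattern)]
    return max(hits, key=lambda i: i["CreationDate"], default=None)


def newest_from_owners(images, pattern, owners):
    """Owner-pinned selection: drop images from accounts outside the allowlist first."""
    if not owners:
        raise ValueError("refusing to select an AMI without an owner allowlist")
    trusted = [i for i in images if i["OwnerId"] in owners]
    return newest_by_name(trusted, pattern)


def audit(images, pattern, owners):
    """Return matching image IDs whose owner is not allowlisted, for review or alerting."""
    return [i["ImageId"] for i in images
            if fnmatch.fnmatchcase(i["Name"], pattern) and i["OwnerId"] not in owners]


if __name__ == "__main__":
    imgs = SAMPLE_RESPONSE["Images"]
    print("name only   :", newest_by_name(imgs, NAME_PATTERN)["ImageId"])
    print("owner pinned:", newest_from_owners(imgs, NAME_PATTERN, TRUSTED_OWNERS)["ImageId"])
    print("unexpected  :", audit(imgs, NAME_PATTERN, TRUSTED_OWNERS))
```

The same pinning applies at query time by passing the publisher's account ID to the --owners flag named in the description, so that images from other accounts are never returned to the selection logic.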