CVE-2018-13390

Published: Aug 10, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.

Affected (1)

Products: Atlassian: Cloudtoken

Atlassian

1 product

Cloudtoken

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atlassian Cloudtoken	From 0.1.1 to 0.1.24

References (2)

https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux

Source: security@atlassian.com

MitigationThird Party Advisory

https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.