CVE-2018-13390

CVE Database · CVE-2018-13390

CVE-2018-13390

· N/AModified

CVSS v3.1

N/A

EPSS

0.46%

Published

Aug 10, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.

Affected Products (1)

atlassian · cloudtoken (up to 0.1.24)vulnerable

References (2)

https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux

MitigationThird Party Advisory

https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux

MitigationThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs