CVE-2018-13390

Summary

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.

Affected Software

VendorProductVersion RangeStatus
Atlassiancloudtoken0.1.1 < unspecifiedaffected
Atlassiancloudtokenunspecified < 0.1.24affected

Weaknesses

  • Improper Restriction of Communication Channel to Intended Endpoints

ADP Enrichment

CVE Program Container

Additional References

References