CVE Vulnerabilities

CVE-2018-13390

Published: Aug 10, 2018 | Modified: Nov 21, 2024
CVSS 3.x
6.1
MEDIUM
Source:
NVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CVSS 2.x
4.8 MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users roles.

Affected Software

Name Vendor Start Version End Version
Cloudtoken Atlassian 0.1.1 (including) 0.1.24 (excluding)

References