Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.
References
Link | Resource |
---|---|
https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux | Mitigation Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2018-08-09T00:00:00
Updated: 2018-08-10T13:57:01
Reserved: 2018-07-06T00:00:00
Link: CVE-2018-13390
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-10T15:29:00.377
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-13390
JSON object: View
Redhat Information
No data.
CWE