What is the severity of CVE-2018-13390?

CVE-2018-13390 is classified as a high severity vulnerability due to the potential for unauthorized access to AWS credentials.

How do I fix CVE-2018-13390?

To fix CVE-2018-13390, upgrade the Cloudtoken package to version 0.1.24 or later.

Who is affected by CVE-2018-13390?

CVE-2018-13390 affects users running Cloudtoken versions from 0.1.1 before 0.1.24 on Linux.

What are the risks associated with CVE-2018-13390?

The risks of CVE-2018-13390 include potential unauthorized access to temporary AWS credentials, which could lead to data breaches.

Can CVE-2018-13390 be exploited remotely?

Yes, CVE-2018-13390 can be exploited remotely by attackers on the same subnet as the vulnerable Cloudtoken daemon.

Vulnerability/
CVE-2018-13390

medium

6.1

CWE

522

10/8/2018

13/5/2022

17/9/2024

CVE-2018-13390

First published: Fri Aug 10 2018(Updated: )

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.

Credit: security@atlassian.com security@atlassian.com

Affected Software	Affected Version	How to fix
Atlassian Cloudtoken	>=0.1.1<0.1.24
pip/cloudtoken	>=0.1.1<0.1.24	0.1.24
	>=0.1.1<0.1.24

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-13390?
CVE-2018-13390 is classified as a high severity vulnerability due to the potential for unauthorized access to AWS credentials.
How do I fix CVE-2018-13390?
To fix CVE-2018-13390, upgrade the Cloudtoken package to version 0.1.24 or later.
Who is affected by CVE-2018-13390?
CVE-2018-13390 affects users running Cloudtoken versions from 0.1.1 before 0.1.24 on Linux.
What are the risks associated with CVE-2018-13390?
The risks of CVE-2018-13390 include potential unauthorized access to temporary AWS credentials, which could lead to data breaches.
Can CVE-2018-13390 be exploited remotely?
Yes, CVE-2018-13390 can be exploited remotely by attackers on the same subnet as the vulnerable Cloudtoken daemon.

collector/nvd-index
agent/type
agent/severity
agent/weakness
agent/description
agent/author
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/github-advisory-latest
source/GitHub
alias/GHSA-4fpg-j5mp-783g
alias/CVE-2018-13390
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
collector/github-advisory
agent/trending
agent/tags
agent/source
vendor/atlassian
canonical/atlassian cloudtoken
version/atlassian cloudtoken/0.1.1
package-manager/pip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.