PYSEC-2018-1

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/cloudtoken/PYSEC-2018-1.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2018-1

Aliases

CVE-2018-13390
GHSA-4fpg-j5mp-783g

Published

2018-08-10T15:29:00Z

Modified

2024-04-22T23:11:47.234082Z

Summary

[none]

Details

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.

References

https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux

Affected packages

PyPI / cloudtoken

Package

Name: cloudtoken; View open source insights on deps.dev
Purl: pkg:pypi/cloudtoken

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.1.1

Fixed

0.1.24

Affected versions

0.*

0.1.1

0.1.2

0.1.3

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.16

0.1.17

0.1.18

0.1.19

0.1.21

0.1.22

0.1.23

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/cloudtoken/PYSEC-2018-1.yaml"