GCVE - cpe:2.3:a:atlassian:cloudtoken:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:atlassian:cloudtoken:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Atlassian (`8acde0d4-2b83-5bd8-8d3f-60d59e0b022e`)
Product	Cloudtoken (`b16681e3-6a89-5051-a7e8-ee5d6c3fafb7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:bitbucket/atlassian/cloudtoken`	purl2cpe	2026-06-01 10:12:16.776594
`pkg:docker/atlassiancloudteam/cloudtoken`	purl2cpe	2026-06-01 10:12:16.776597
`pkg:pypi/cloudtoken`	purl2cpe	2026-06-01 10:12:16.776599

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-13390`	vulnerable	2026-06-03 14:38:10.516100	Details available Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. Published: 2018-08-10T15:00:00.000Z Updated: 2024-09-17T03:38:25.019Z Open on db.gcve.eu Reference links https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.