Vulnerability Description
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
CVSS Score
5.9
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Advantage Desktop Daemon | < 1.12 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944Issue Tracking
- https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24Issue TrackingPatch
- https://www.cve.org/CVERecord?id=CVE-2024-6388Third Party Advisory
- https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944Issue Tracking
- https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24Issue TrackingPatch
- https://www.cve.org/CVERecord?id=CVE-2024-6388Third Party Advisory
FAQ
What is CVE-2024-6388?
CVE-2024-6388 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
How severe is CVE-2024-6388?
CVE-2024-6388 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-6388?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Advantage Desktop Daemon.