Lucene search

CanonicalCVELIST:CVE-2024-6388

HistoryJun 27, 2024 - 3:39 p.m.

CVE-2024-6388

2024-06-2715:39:04

CWE-497

canonical

www.cve.org

ubuntu advantage

desktop daemon

pro token

leakage

privileged users

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS

Percentile

15.7%

JSON

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

CNA Affected

[
  {
    "packageName": "ubuntu-advantage-desktop-daemon",
    "product": "Ubuntu Advantage Desktop Pro",
    "vendor": "Canonical Ltd.",
    "repo": "https://github.com/canonical/ubuntu-advantage-desktop-daemon",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "1.12",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

www.cve.org/CVERecord?id=CVE-2024-6388

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS

Percentile

15.7%

JSON

Related for CVELIST:CVE-2024-6388