Lucene search

GoogleOSV:UBUNTU-CVE-2024-6388

HistoryJun 27, 2024 - 12:00 a.m.

UBUNTU-CVE-2024-6388

2024-06-2700:00:00

Google

osv.dev

ubuntu

advantage desktop

daemon

pro token

leakage

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score

6.7

Confidence

High

JSON

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

References

github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

ubuntu.com/security/CVE-2024-6388

www.cve.org/CVERecord?id=CVE-2024-6388

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score

6.7

Confidence

High

JSON

Related for OSV:UBUNTU-CVE-2024-6388