We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-6388



Description

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Reserved 2024-06-27 | Published 2024-06-27 | Updated 2024-08-01 | Assigner canonical


MEDIUM: 5.9CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Problem types

CWE-497

Product status

Any version before 1.12
affected

Credits

Marco Trevisan finder

References

bugs.launchpad.net/...ce/ubuntu-advantage-tools/+bug/2068944 issue-tracking

www.cve.org/CVERecord?id=CVE-2024-6388 issue-tracking

github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24 issue-tracking

cve.org (CVE-2024-6388)

nvd.nist.gov (CVE-2024-6388)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-6388

Support options

Helpdesk Chat, Email, Knowledgebase