Lucene search

Ubuntu.comUB:CVE-2024-6388

HistoryJun 27, 2024 - 12:00 a.m.

CVE-2024-6388

2024-06-2700:00:00

ubuntu.com

cve-2024-6388

marco trevisan

ubuntu advantage desktop daemon

plaintext argument

launchpad

eslerm

cwe-497

unix

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score

Confidence

Low

JSON

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before
version 1.12, leaks the Pro token to unprivileged users by passing the
token as an argument in plaintext.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944>

Notes

Author	Note
eslerm	CWE-497

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchubuntu-advantage-desktop-daemon< anyUNKNOWN
ubuntu22.04noarchubuntu-advantage-desktop-daemon< anyUNKNOWN
ubuntu24.04noarchubuntu-advantage-desktop-daemon< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	ubuntu-advantage-desktop-daemon	< any	UNKNOWN
ubuntu	22.04	noarch	ubuntu-advantage-desktop-daemon	< any	UNKNOWN
ubuntu	24.04	noarch	ubuntu-advantage-desktop-daemon	< any	UNKNOWN

References

github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

launchpad.net/bugs/cve/CVE-2024-6388

nvd.nist.gov/vuln/detail/CVE-2024-6388

security-tracker.debian.org/tracker/CVE-2024-6388

www.cve.org/CVERecord?id=CVE-2024-6388

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score

Confidence

Low

JSON

Related for UB:CVE-2024-6388