CVE-2024-6388

medium

Description

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

References

https://www.cve.org/CVERecord?id=CVE-2024-6388

https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Details

Source: Mitre, NVD

Published: 2024-06-27

Updated: 2024-06-27

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Severity: Medium