CVE-2024-6388

Published: Jun 27, 2024Modified: Aug 27, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Affected (1)

Products: Canonical: Ubuntu Advantage Desktop Daemon

Canonical

1 product

Ubuntu Advantage Desktop Daemon

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Advantage Desktop Daemon	Before 1.12

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (6)

https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Source: security@ubuntu.com

Issue Tracking

https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

Source: security@ubuntu.com

Issue TrackingPatch

https://www.cve.org/CVERecord?id=CVE-2024-6388

Source: security@ubuntu.com

Third Party Advisory

https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://www.cve.org/CVERecord?id=CVE-2024-6388

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.