CVE-2024-6388

Summary

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.Ubuntu Advantage Desktop Pro0 < 1.12affected

Weaknesses

  • CWE-497: CWE-497

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References