CVE-2024-6388

low-risk

Published 2024-06-27

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Ubuntu Advantage Desktop Daemon

Affected Vendors

Canonical

References (6)

Issue Tracking https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Issue Tracking https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

Third Party Advisory https://www.cve.org/CVERecord?id=CVE-2024-6388

Issue Tracking https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Issue Tracking https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

Third Party Advisory https://www.cve.org/CVERecord?id=CVE-2024-6388

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal