CVE-2024-6388

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944	Issue Tracking
https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24	Issue Tracking Patch
https://www.cve.org/CVERecord?id=CVE-2024-6388	Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944	Issue Tracking
https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24	Issue Tracking Patch
https://www.cve.org/CVERecord?id=CVE-2024-6388	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:canonical:ubuntu_advantage_desktop_daemon:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-06-27 16:15

Updated : 2025-08-27 16:18

NVD link : CVE-2024-6388

Mitre link : CVE-2024-6388

CVE.ORG link : CVE-2024-6388

JSON object : View

Products Affected

canonical

ubuntu_advantage_desktop_daemon

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2024-6388", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-06-27T16:15:12.110", "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-497"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext."}, {"lang": "es", "value": "Marco Trevisan descubri\u00f3 que Ubuntu Advantage Desktop Daemon, anterior a la versi\u00f3n 1.12, filtra el token Pro a usuarios sin privilegios al pasar el token como argumento en texto plano."}], "lastModified": "2025-08-27T16:18:23.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu_advantage_desktop_daemon:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95FDB20A-9355-43DE-B2E5-512752E8E279", "versionEndExcluding": "1.12"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}