Home > Vulnerability Database > CVE-2024-6388

Mend.io Vulnerability Database

CVE-2024-6388

Good to know:

Date: June 27, 2024

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Language: C

Severity Score

5.9

Related Resources (5)

Url: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6388

Url: https://www.cve.org/CVERecord?id=CVE-2024-6388

Url: https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

Url: https://www.mend.io/vulnerability-database/CVE-2024-6388

Severity Score

5.9

Weakness Type (CWE)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

Top Fix

Upgrade Version

Upgrade to version 1.12

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6388

Good to know:

Date: June 27, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?