CVE-2024-6388

Опубликовано: 27 июн. 2024

Источник: nvd

CVSS3: 5.9

CVSS3: 5.5

EPSS Низкий

Описание

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Ссылки

https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944
Issue Tracking
https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24
Issue Tracking
Patch
https://www.cve.org/CVERecord?id=CVE-2024-6388
Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944
Issue Tracking
https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24
Issue Tracking
Patch
https://www.cve.org/CVERecord?id=CVE-2024-6388
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:ubuntu_advantage_desktop_daemon:*:*:*:*:*:*:*:*

Версия до 1.12 (исключая)

EPSS

Процентиль: 5%

0.00022

Низкий

5.9 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-497

CWE-319

Связанные уязвимости

CVE-2024-6388

CVSS3: 5.9

ubuntu

больше 1 года назад

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

GHSA-qr25-x8m6-w7qj

CVSS3: 5.9

github

больше 1 года назад

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

EPSS

Процентиль: 5%

0.00022

Низкий

5.9 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-497

CWE-319