Token Leak in Ubuntu Advantage Desktop Daemon Prior to Version 1.12
CVE-2024-6388

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Advantage Desktop Daemon
Vendor: CVE Published:; 27 June 2024

Summary

A vulnerability exists in the Ubuntu Advantage Desktop Daemon, discovered by Marco Trevisan, which allows unprivileged users to access sensitive Pro tokens. This leak occurs due to the token being passed as an argument in plaintext, exposing it to potential interception and misuse. Urgent action is recommended to safeguard user credentials and maintain security integrity.

References

https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantag...

https://www.cve.org/CVERecord?id=CVE-2024-6388

https://github.com/canonical/ubuntu-advantage-desktop-dae...

Timeline

Vulnerability published
Jun 27, 2024