CVE-2024-6388

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-6388
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6388.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-6388
Downstream
Published
2024-06-27T16:15:12.110Z
Modified
2025-11-16T11:51:05.243081Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

References

Affected packages

Git / github.com/canonical/ubuntu-advantage-desktop-daemon

Affected ranges

Type
GIT
Repo
https://github.com/canonical/ubuntu-advantage-desktop-daemon
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d7cf25e299961ab82af40a594ffd2600d5dea1b5

Affected versions

1.*
1.0
1.1
1.10
1.11
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6388.json"