Home > Vulnerability Database > CVE-2024-6388

Mend.io Vulnerability Database

CVE-2024-6388

Date: June 27, 2024

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

Language: C

Severity Score

5.9

Related Resources (5)

Url: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6388

Url: https://www.cve.org/CVERecord?id=CVE-2024-6388

Url: https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

Url: https://www.mend.io/vulnerability-database/CVE-2024-6388

Severity Score

5.9

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6388

Date: June 27, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?