Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Ubuntu Advantage Desktop Pro by Canonical Ltd.
CVE-2024-6388 (GCVE-0-2024-6388)
Vulnerability from nvd – Published: 2024-06-27 15:39 – Updated: 2024-08-01 21:41
VLAI
Summary
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/ubuntu-… | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2024-6388 | issue-tracking |
| https://github.com/canonical/ubuntu-advantage-des… | issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | Ubuntu Advantage Desktop Pro |
Affected:
0 , < 1.12
(semver)
|
|
| canonical | ubuntu_advantage_desktop_pro |
Affected:
0 , < 1.12
(semver)
cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubuntu_advantage_desktop_pro",
"vendor": "canonical",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6388",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T18:48:51.687477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T18:25:45.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "ubuntu-advantage-desktop-daemon",
"platforms": [
"Linux"
],
"product": "Ubuntu Advantage Desktop Pro",
"repo": "https://github.com/canonical/ubuntu-advantage-desktop-daemon",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Trevisan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T15:39:04.168Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6388",
"datePublished": "2024-06-27T15:39:04.168Z",
"dateReserved": "2024-06-27T14:21:13.801Z",
"dateUpdated": "2024-08-01T21:41:03.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6388 (GCVE-0-2024-6388)
Vulnerability from cvelistv5 – Published: 2024-06-27 15:39 – Updated: 2024-08-01 21:41
VLAI
Summary
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/ubuntu-… | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2024-6388 | issue-tracking |
| https://github.com/canonical/ubuntu-advantage-des… | issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | Ubuntu Advantage Desktop Pro |
Affected:
0 , < 1.12
(semver)
|
|
| canonical | ubuntu_advantage_desktop_pro |
Affected:
0 , < 1.12
(semver)
cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubuntu_advantage_desktop_pro",
"vendor": "canonical",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6388",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T18:48:51.687477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T18:25:45.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "ubuntu-advantage-desktop-daemon",
"platforms": [
"Linux"
],
"product": "Ubuntu Advantage Desktop Pro",
"repo": "https://github.com/canonical/ubuntu-advantage-desktop-daemon",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Trevisan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T15:39:04.168Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6388",
"datePublished": "2024-06-27T15:39:04.168Z",
"dateReserved": "2024-06-27T14:21:13.801Z",
"dateUpdated": "2024-08-01T21:41:03.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}