CVE-2024-31498

EUVD-2024-29378
Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
yubicoyubikey_manager_gui
𝑥
< 1.2.6
ADP
Debian logo
Debian Releases
Debian Product
Codename
yubikey-manager-qt
bookworm
1.2.4-1
fixed
forky
1.2.5-2
fixed
sid
1.2.5-2
fixed
trixie
1.2.5-2
fixed
Common Weakness Enumeration
References
https://www.yubico.com/support/security-advisories/ysa-2024-01/
https://www.yubico.com/support/security-advisories/ysa-2024-01/