CVE-2024-6388 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
canonical	CNA	5.9 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
canonical	ubuntu_advantage_desktop_pro	𝑥 < 1.12
canonical	ubuntu_advantage_desktop_daemon	𝑥 < 1.12

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ubuntu-advantage-desktop-daemon

bionic	Fixed 1.10.ubuntu0.18.04.1~esm1 released
focal	Fixed 1.10.ubuntu0.20.04.1 released
jammy	Fixed 1.10.ubuntu0.22.04.2 released
mantic	ignored
noble	Fixed 1.11ubuntu0.1 released
oracular	not-affected
xenial	Fixed 1.10.ubuntu0.16.04.1~esm1 released

Common Weakness Enumeration

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

https://www.cve.org/CVERecord?id=CVE-2024-6388

https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944

https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24

https://www.cve.org/CVERecord?id=CVE-2024-6388