USN-7063-1
- Source
- https://ubuntu.com/security/notices/USN-7063-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7063-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7063-1
- Related
- Published
- 2024-10-11T16:51:57.302023Z
- Modified
- 2024-10-11T16:51:57.302023Z
- Summary
- ubuntu-advantage-desktop-daemon vulnerability
- Details
-
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon leaked the Pro token to unprivileged users by passing the token as an argument in plaintext. An attacker could use this issue to gain unauthorized access to an Ubuntu Pro subscription. (CVE-2024-6388)
- References
Affected packages
Ubuntu:Pro:16.04:LTS / ubuntu-advantage-desktop-daemon
Package
- Name
- ubuntu-advantage-desktop-daemon
- Purl
- pkg:deb/ubuntu/ubuntu-advantage-desktop-daemon@1.10.ubuntu0.16.04.1~esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.ubuntu0.16.04.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.10.ubuntu0.16.04.1~esm1",
"binary_name": "ubuntu-advantage-desktop-daemon"
},
{
"binary_version": "1.10.ubuntu0.16.04.1~esm1",
"binary_name": "ubuntu-advantage-desktop-daemon-dbgsym"
}
]
}
Ubuntu:Pro:18.04:LTS / ubuntu-advantage-desktop-daemon
Package
- Name
- ubuntu-advantage-desktop-daemon
- Purl
- pkg:deb/ubuntu/ubuntu-advantage-desktop-daemon@1.10.ubuntu0.18.04.1~esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.ubuntu0.18.04.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.10.ubuntu0.18.04.1~esm1",
"binary_name": "ubuntu-advantage-desktop-daemon"
},
{
"binary_version": "1.10.ubuntu0.18.04.1~esm1",
"binary_name": "ubuntu-advantage-desktop-daemon-dbgsym"
}
]
}
Ubuntu:20.04:LTS / ubuntu-advantage-desktop-daemon
Package
- Name
- ubuntu-advantage-desktop-daemon
- Purl
- pkg:deb/ubuntu/ubuntu-advantage-desktop-daemon@1.10.ubuntu0.20.04.1?arch=source&distro=focal
Ubuntu:22.04:LTS / ubuntu-advantage-desktop-daemon
Package
- Name
- ubuntu-advantage-desktop-daemon
- Purl
- pkg:deb/ubuntu/ubuntu-advantage-desktop-daemon@1.10.ubuntu0.22.04.2?arch=source&distro=jammy