CVE-2024-6388 – Ubuntu Security Notice USN-7063-1

https://notcve.org/view.php?id=CVE-2024-6388

27 Jun 2024 — Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon leaked the Pro token to unprivileged users by passing the token as an argument in plaintext. An attacker could use this issue to gain unauthorized access to an Ubuntu Pro subscription. • https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •