Primary

Context

Ubuntu Subiquity Sensitive Credential Leak Vulnerability

Vulnerability

Patched

A vulnerability in Ubuntu Subiquity version 24.04.4 could lead to the unintentional disclosure of sensitive user credentials during the crash reporting process. If an installation fails and the user submits a bug report to Launchpad, Subiquity may include certain user credentials, such as the plaintext Wi-Fi password, in the logs attached to the report.

Impact

Exploitation of this vulnerability could result in the leakage of sensitive user information, including plaintext Wi-Fi passwords, potentially leading to unauthorized access to personal networks.

Remediation

Users can update to the latest version of Subiquity to address this vulnerability. The patched version is available in the official Ubuntu repositories.

Added: Apr 9, 2026, 6:37 PM

Updated: Apr 9, 2026, 6:37 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

3.8

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

3.8

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ubuntu Subiquity Sensitive Credential Leak Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Canonical Subiquity

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating