Primary

Context

Ubuntu Ubuntu-Desktop-Provision Sensitive Credential Leak Vulnerability

Vulnerability

A vulnerability in Ubuntu's ubuntu-desktop-provision package, specifically version 24.04.4, could lead to the unintentional disclosure of sensitive user credentials during crash reporting. If an installation fails and the user submits a bug report to Launchpad, the logs attached to the report may include the user's password hash.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of password hashes, potentially allowing for password cracking and unauthorized access to user accounts.

Remediation

Users can update to the latest version of ubuntu-desktop-provision to address this vulnerability.

Added: Apr 9, 2026, 6:31 PM

Updated: Apr 9, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.5

remediation

0.0

relevance

5.5

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.5

remediation

0.0

relevance

5.5

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ubuntu Ubuntu-Desktop-Provision Sensitive Credential Leak Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating