| Name | CVE-2024-31498 |
| Description | Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| yubikey-manager-qt (PTS) | bookworm | 1.2.4-1 | fixed |
| forky, sid, trixie | 1.2.5-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| yubikey-manager-qt | source | (unstable) | (not affected) |
- yubikey-manager-qt <not-affected> (Only affects ykman-gui on Windows)
https://www.yubico.com/support/security-advisories/ysa-2024-01/