In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.
Exploitability
AV:NAC:LAT:NPR:NUI:NVulnerable System
VC:LVI:NVA:NSubsequent System
SC:LSI:NSA:N2.7/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:UOther