PT-2024-24121 · Microsoft+1 · Windows+2

Published: 2024-04-04 · Updated: 2024-08-27 · CVE-2024-31498

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Yubico ykman-gui (aka YubiKey Manager GUI) versions prior to 1.2.6

Description: A privilege escalation issue exists because browser windows can open as Administrator when Edge is not used on Windows systems. This could allow for unexpected privilege escalation. The issue arises because Windows requires administrative permissions to open certain browser windows.

Recommendations: If you are running a version prior to 1.2.6, update to version 1.2.6 or later to resolve the issue. As a temporary workaround, consider using Edge as the default browser to minimize the risk of exploitation. Restrict access to administrative privileges to prevent potential privilege escalation attacks.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2024-31498

Affected Products

Edge
Windows
Yubico Ykman-Gui