Data Exposure in Budgie Extras Clockworks Applet by Ubuntu
CVE-2023-49342

6MEDIUM

Key Information:

Vendor

Ubuntu Budgie

Status
Budgie Extras
Vendor
CVE Published:
14 December 2023

What is CVE-2023-49342?

The Budgie Extras Clockworks applet in Ubuntu may allow unauthorized views or manipulation of temporary data passed between application components. This data, stored in a publicly accessible location, can be exploited by local attackers. By pre-manipulating the data file, malicious users could present misleading information or deny legitimate users access to the applet and its controls, posing risks to user experience and system integrity.

Affected Version(s)

Budgie Extras Linux v1.4.0

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4...
issue-tracking
https://github.com/UbuntuBudgie/budgie-extras/security/ad...
issue-tracking
https://ubuntu.com/security/notices/USN-6556-1
third-party-advisory

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sam Lane
David Mohammed
.