Data Exposure Vulnerability in Budgie Extras Window Shuffler Applet by Ubuntu
CVE-2023-49344

6MEDIUM

Key Information:

Vendor

Ubuntu Budgie

Status
Budgie Extras
Vendor
CVE Published:
14 December 2023

What is CVE-2023-49344?

The Budgie Extras Window Shuffler applet is vulnerable to data exposure due to temporary data storage. This vulnerability allows local users to view or manipulate sensitive data as it is stored in an accessible location. An attacker can potentially create or control the file used for data exchange, leading to the risk of displaying false information or restricting user access to the application and panel.

Affected Version(s)

Budgie Extras Linux v1.4.0

References

https://github.com/UbuntuBudgie/budgie-extras/security/ad...
issue-tracking
https://ubuntu.com/security/notices/USN-6556-1
third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4...
issue-tracking

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner
Sam Lane
David Mohammed
.