Data Exposure Vulnerability in Budgie Extras Takeabreak Applet by Budgie
CVE-2023-49345

6MEDIUM

Key Information:

Vendor

Ubuntu Budgie

Status
Budgie Extras
Vendor
CVE Published:
14 December 2023

What is CVE-2023-49345?

The Budgie Extras Takeabreak applet has a security flaw where temporary data exchanged between application components can be accessed or altered by any local user. This susceptibility arises from a data storage method that lacks proper security controls, allowing attackers with system access to manipulate the stored information. They may exploit this vulnerability to provide misleading data to users or restrict access to the applet, significantly compromising the integrity and reliability of the application.

Affected Version(s)

Budgie Extras Linux v1.4.0

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4...
issue-tracking
https://ubuntu.com/security/notices/USN-6556-1
third-party-advisory
https://github.com/UbuntuBudgie/budgie-extras/security/ad...
issue-tracking

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner
Sam Lane
David Mohammed
.