Data Exposure Vulnerability in Budgie Extras WeatherShow Applet by Ubuntu Budgie
CVE-2023-49346

6MEDIUM

Key Information:

Vendor

Ubuntu Budgie

Status
Budgie Extras
Vendor
CVE Published:
14 December 2023

What is CVE-2023-49346?

The Budgie Extras WeatherShow applet is susceptible to a vulnerability where temporary data exchanged between application components may be exposed or altered. This data is stored in a publicly accessible location, enabling any user with local access to the system to potentially manipulate or view sensitive information. This security concern allows attackers to pre-create and control the accessible data file, leading to the possibility of presenting misleading information to users or restricting access to the applet's functionality.

Affected Version(s)

Budgie Extras Linux v1.4.0

References

https://github.com/UbuntuBudgie/budgie-extras/security/ad...
issue-tracking
https://ubuntu.com/security/notices/USN-6556-1
third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4...
issue-tracking

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner
Sam Lane
David Mohammed
.