Data Exposure Vulnerability in Budgie Extras by Ubuntu
CVE-2023-49347

6MEDIUM

Key Information:

Vendor

Ubuntu Budgie

Status
Budgie Extras
Vendor
CVE Published:
14 December 2023

What is CVE-2023-49347?

The vulnerability in Budgie Extras allows for temporary data to be accessed by any user with local access to the system. This could lead to unauthorized viewing or manipulation of sensitive data displayed in Windows Previews. An attacker could exploit this weakness to steal private information or mislead users, potentially compromising the application's integrity.

Affected Version(s)

Budgie Extras Linux v1.4.0

References

https://ubuntu.com/security/notices/USN-6556-1
third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4...
issue-tracking
https://github.com/UbuntuBudgie/budgie-extras/security/ad...
issue-tracking

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner
Sam Lane
David Mohammed
.