Budgie Extras
CVE-2023-49346
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
AnalysisAI
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-377. Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. Affected products include: Ubuntubudgie Budgie Extras.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Budgie Extras
View allTemporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or ma
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or m
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manip
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or m
Same weakness CWE-377 – Insecure Temporary File
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today