Budgie Extras
CVE-2023-49347
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
AnalysisAI
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-377. Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. Affected products include: Ubuntubudgie Budgie Extras.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Budgie Extras
View allTemporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or m
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manip
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or m
Same weakness CWE-377 – Insecure Temporary File
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today