Upstream information

CVE-2023-49344 at MITRE

Description

Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 7.8
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1213342 [IN_PROGRESS]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • budgie-app-launcher-applet >= 1.7.1-1.1
  • budgie-applications-menu-applet >= 1.7.1-1.1
  • budgie-brightness-controller-applet >= 1.7.1-1.1
  • budgie-clockworks-applet >= 1.7.1-1.1
  • budgie-countdown-applet >= 1.7.1-1.1
  • budgie-dropby-applet >= 1.7.1-1.1
  • budgie-extras >= 1.7.1-1.1
  • budgie-extras-daemon >= 1.7.1-1.1
  • budgie-extras-lang >= 1.7.1-1.1
  • budgie-fuzzyclock-applet >= 1.7.1-1.1
  • budgie-hotcorners-applet >= 1.7.1-1.1
  • budgie-kangaroo-applet >= 1.7.1-1.1
  • budgie-keyboard-autoswitch-applet >= 1.7.1-1.1
  • budgie-network-manager-applet >= 1.7.1-1.1
  • budgie-previews >= 1.7.1-1.1
  • budgie-quickchar >= 1.7.1-1.1
  • budgie-quicknote-applet >= 1.7.1-1.1
  • budgie-recentlyused-applet >= 1.7.1-1.1
  • budgie-rotation-lock-applet >= 1.7.1-1.1
  • budgie-showtime-applet >= 1.7.1-1.1
  • budgie-takeabreak-applet >= 1.7.1-1.1
  • budgie-visualspace-applet >= 1.7.1-1.1
  • budgie-wallstreet >= 1.7.1-1.1
  • budgie-weathershow-applet >= 1.7.1-1.1
  • budgie-window-shuffler >= 1.7.1-1.1
  • budgie-workspace-stopwatch-applet >= 1.7.1-1.1
  • budgie-workspace-wallpaper-applet >= 1.7.1-1.1
Patchnames:
openSUSE-Tumbleweed-2024-13508


SUSE Timeline for this CVE

CVE page created: Fri Jul 14 15:18:46 2023
CVE page last modified: Tue Sep 3 19:30:50 2024