Description
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
References (3)
Core 3
Core References
Third Party Advisory issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49345
Vendor Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-6556-1
Third Party Advisory issue-tracking
https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rvhc-rch9-j943
Scores
CVSS v3
6.0
EPSS
0.0030
EPSS Percentile
21.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-377
CWE-668
Status
published
Products (1)
ubuntubudgie/budgie_extras
1.4.0 - 1.7.1
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026