CVE-2023-49343 — Vulnetix

CVE-2023-49343 PUBLISHED CVSS 6 MEDIUM

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.

EPSS 0.03% · 9.9th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS Score

0.03%

9.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu Budgie	Budgie Extras	v1.4.0, v1.4.0
ubuntubudgie	budgie_extras	1.4.0, 1.4.0

Exploit Intelligence

Timeline

Dec 14, 2023 CVE Published
Dec 15, 2023 EPSS Score
Jan 13, 2024 EPSS Score
Feb 11, 2024 EPSS Score
Mar 12, 2024 EPSS Score
Apr 10, 2024 EPSS Score
May 9, 2024 EPSS Score
Jun 7, 2024 EPSS Score
Jul 6, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 4, 2024 EPSS Score
Sep 3, 2024 EPSS Score

References

https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5 issue
https://ubuntu.com/security/notices/USN-6556-1 third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343 issue

Open in Interactive Console →