CVE-2023-49344 — Vulnetix

CVE-2023-49344 PUBLISHED CVSS 6 MEDIUM

Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.

EPSS 0.03% · 10.3th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS Score

0.03%

10.3th percentile

Affected Products

Vendor	Product	Versions
ubuntubudgie	budgie_extras	1.4.0
Ubuntu Budgie	Budgie Extras	1.4.0

Exploit Intelligence

Timeline

Dec 14, 2023 CVE Published
Dec 15, 2023 EPSS Score
Jan 13, 2024 EPSS Score
Feb 11, 2024 EPSS Score
Mar 12, 2024 EPSS Score
Apr 10, 2024 EPSS Score
May 9, 2024 EPSS Score
Jun 7, 2024 EPSS Score
Jul 6, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 4, 2024 EPSS Score
Sep 3, 2024 EPSS Score

References

https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rhwf-6fc9-9jvm issue
https://ubuntu.com/security/notices/USN-6556-1 third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49344 issue

Open in Interactive Console →