Upstream information
CVE-2023-49346 at MITRE
Description
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v3 Scores
| | National Vulnerability Database |
|---|
| Base Score | 7.8 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Bugzilla entry:
1216282 [IN_PROGRESS]
No SUSE Security Announcements cross referenced.
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| openSUSE Tumbleweed | budgie-app-launcher-applet >= 1.7.1-1.1budgie-applications-menu-applet >= 1.7.1-1.1budgie-brightness-controller-applet >= 1.7.1-1.1budgie-clockworks-applet >= 1.7.1-1.1budgie-countdown-applet >= 1.7.1-1.1budgie-dropby-applet >= 1.7.1-1.1budgie-extras >= 1.7.1-1.1budgie-extras-daemon >= 1.7.1-1.1budgie-extras-lang >= 1.7.1-1.1budgie-fuzzyclock-applet >= 1.7.1-1.1budgie-hotcorners-applet >= 1.7.1-1.1budgie-kangaroo-applet >= 1.7.1-1.1budgie-keyboard-autoswitch-applet >= 1.7.1-1.1budgie-network-manager-applet >= 1.7.1-1.1budgie-previews >= 1.7.1-1.1budgie-quickchar >= 1.7.1-1.1budgie-quicknote-applet >= 1.7.1-1.1budgie-recentlyused-applet >= 1.7.1-1.1budgie-rotation-lock-applet >= 1.7.1-1.1budgie-showtime-applet >= 1.7.1-1.1budgie-takeabreak-applet >= 1.7.1-1.1budgie-visualspace-applet >= 1.7.1-1.1budgie-wallstreet >= 1.7.1-1.1budgie-weathershow-applet >= 1.7.1-1.1budgie-window-shuffler >= 1.7.1-1.1budgie-workspace-stopwatch-applet >= 1.7.1-1.1budgie-workspace-wallpaper-applet >= 1.7.1-1.1
| Patchnames:
openSUSE-Tumbleweed-2024-13508 |
SUSE Timeline for this CVE
CVE page created: Mon Oct 16 15:00:06 2023
CVE page last modified: Tue Sep 3 19:30:50 2024
