Upstream information
CVE-2023-49342 at MITRE
Description
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v3 Scores
| National Vulnerability Database |
Base Score | 7.8 |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
CVSSv3 Version | 3.1 |
SUSE Bugzilla entry:
1217595 [IN_PROGRESS]
No SUSE Security Announcements cross referenced.
List of released packages
Product(s) | Fixed package version(s) | References |
openSUSE Tumbleweed | budgie-app-launcher-applet >= 1.7.1-1.1
budgie-applications-menu-applet >= 1.7.1-1.1
budgie-brightness-controller-applet >= 1.7.1-1.1
budgie-clockworks-applet >= 1.7.1-1.1
budgie-countdown-applet >= 1.7.1-1.1
budgie-dropby-applet >= 1.7.1-1.1
budgie-extras >= 1.7.1-1.1
budgie-extras-daemon >= 1.7.1-1.1
budgie-extras-lang >= 1.7.1-1.1
budgie-fuzzyclock-applet >= 1.7.1-1.1
budgie-hotcorners-applet >= 1.7.1-1.1
budgie-kangaroo-applet >= 1.7.1-1.1
budgie-keyboard-autoswitch-applet >= 1.7.1-1.1
budgie-network-manager-applet >= 1.7.1-1.1
budgie-previews >= 1.7.1-1.1
budgie-quickchar >= 1.7.1-1.1
budgie-quicknote-applet >= 1.7.1-1.1
budgie-recentlyused-applet >= 1.7.1-1.1
budgie-rotation-lock-applet >= 1.7.1-1.1
budgie-showtime-applet >= 1.7.1-1.1
budgie-takeabreak-applet >= 1.7.1-1.1
budgie-visualspace-applet >= 1.7.1-1.1
budgie-wallstreet >= 1.7.1-1.1
budgie-weathershow-applet >= 1.7.1-1.1
budgie-window-shuffler >= 1.7.1-1.1
budgie-workspace-stopwatch-applet >= 1.7.1-1.1
budgie-workspace-wallpaper-applet >= 1.7.1-1.1
| Patchnames: openSUSE-Tumbleweed-2024-13508 |
SUSE Timeline for this CVE
CVE page created: Tue Nov 28 16:00:24 2023
CVE page last modified: Tue Sep 3 19:30:50 2024