Upstream information
CVE-2023-49347 at MITRE
Description
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v3 Scores
| | National Vulnerability Database |
|---|
| Base Score | 7.8 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Bugzilla entry:
1213341 [IN_PROGRESS]
No SUSE Security Announcements cross referenced.
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| openSUSE Tumbleweed | budgie-app-launcher-applet >= 1.7.1-1.1budgie-applications-menu-applet >= 1.7.1-1.1budgie-brightness-controller-applet >= 1.7.1-1.1budgie-clockworks-applet >= 1.7.1-1.1budgie-countdown-applet >= 1.7.1-1.1budgie-dropby-applet >= 1.7.1-1.1budgie-extras >= 1.7.1-1.1budgie-extras-daemon >= 1.7.1-1.1budgie-extras-lang >= 1.7.1-1.1budgie-fuzzyclock-applet >= 1.7.1-1.1budgie-hotcorners-applet >= 1.7.1-1.1budgie-kangaroo-applet >= 1.7.1-1.1budgie-keyboard-autoswitch-applet >= 1.7.1-1.1budgie-network-manager-applet >= 1.7.1-1.1budgie-previews >= 1.7.1-1.1budgie-quickchar >= 1.7.1-1.1budgie-quicknote-applet >= 1.7.1-1.1budgie-recentlyused-applet >= 1.7.1-1.1budgie-rotation-lock-applet >= 1.7.1-1.1budgie-showtime-applet >= 1.7.1-1.1budgie-takeabreak-applet >= 1.7.1-1.1budgie-visualspace-applet >= 1.7.1-1.1budgie-wallstreet >= 1.7.1-1.1budgie-weathershow-applet >= 1.7.1-1.1budgie-window-shuffler >= 1.7.1-1.1budgie-workspace-stopwatch-applet >= 1.7.1-1.1budgie-workspace-wallpaper-applet >= 1.7.1-1.1
| Patchnames:
openSUSE-Tumbleweed-2024-13508 |
SUSE Timeline for this CVE
CVE page created: Fri Jul 14 15:18:43 2023
CVE page last modified: Tue Sep 3 19:30:50 2024
