CVE-2023-49343
low-risk
Published 2023-12-14
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.0/10
Medium
LOCAL
/ LOW complexity
Affected Products (1)
Budgie Extras
Affected Vendors
References (6)
Third Party Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343
Third Party Advisory
https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65...
Vendor Advisory
https://ubuntu.com/security/notices/USN-6556-1
Third Party Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343
Third Party Advisory
https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65...
Vendor Advisory
https://ubuntu.com/security/notices/USN-6556-1
25
/ 100
low-risk
Severity
20/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal