CVE-2023-49346 Required CVE Record Information CNA: Canonical Ltd. Published: 2023-12-14 Updated: 2023-12-14 Description Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. CWE CWE-377: CVE-377 CWE-668: CVE-668 CVSS Score: 6.0 Severity: MEDIUM Version: 3.1 Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Product Status Vendor: Ubuntu Budgie Product: Budgie Extras Platforms: Linux Affected versions: v1.4.0 to v1.7.1 Credits Matthias Gerstner (finder) Sam Lane (analyst) David Mohammed (remediation verifier) References GitHub Security Advisory Ubuntu Security Notice CVE Details