{"id":"USN-6556-1","summary":"budgie-extras vulnerabilities","details":"It was discovered that Budgie Extras incorrectly handled certain temporary file paths.\nAn attacker could possibly use this issue to inject false information or deny\naccess to the application. (CVE-2023-49342, CVE-2023-49343, CVE-2023-49347)\n\nMatthias Gerstner discovered that Budgie Extras incorrectly handled certain\ntemporary file paths. A local attacker could use this to inject arbitrary PNG\ndata in this path and have it displayed on the victim's desktop or deny access\nto the application. (CVE-2023-49344)\n\nMatthias Gerstner discovered that Budgie Extras incorrectly handled certain\ntemporary file paths. A local attacker could use this to inject false information\nor deny access to the application. (CVE-2023-49345, CVE-2023-49346)\n","modified":"2026-04-27T17:02:05.954255Z","published":"2023-12-14T15:56:03Z","related":["UBUNTU-CVE-2023-49342","UBUNTU-CVE-2023-49343","UBUNTU-CVE-2023-49344","UBUNTU-CVE-2023-49345","UBUNTU-CVE-2023-49346","UBUNTU-CVE-2023-49347"],"upstream":["CVE-2023-49342","CVE-2023-49343","CVE-2023-49344","CVE-2023-49345","CVE-2023-49346","CVE-2023-49347","UBUNTU-CVE-2023-49342","UBUNTU-CVE-2023-49343","UBUNTU-CVE-2023-49344","UBUNTU-CVE-2023-49345","UBUNTU-CVE-2023-49346","UBUNTU-CVE-2023-49347"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6556-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49342"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49343"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49344"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49345"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49346"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49347"}],"affected":[{"package":{"name":"budgie-extras","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/budgie-extras@1.4.0-1ubuntu3.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.0-1ubuntu3.1"}]}],"versions":["1.3.0-0ubuntu1","1.3.0-1","1.3.90-1","1.3.91-1","1.4.0-1","1.4.0-1ubuntu1","1.4.0-1ubuntu2","1.4.0-1ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"budgie-app-launcher-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-applications-menu-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-brightness-controller-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-clockworks-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-countdown-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-dropby-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-extras-common","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-extras-daemon","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-fuzzyclock-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-hotcorners-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-kangaroo-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-keyboard-autoswitch-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-network-manager-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-previews","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-previews-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-quickchar","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-quicknote-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-recentlyused-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-rotation-lock-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-showtime-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-takeabreak-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-trash-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-visualspace-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-wallstreet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-weathershow-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-window-shuffler","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-workspace-stopwatch-applet","binary_version":"1.4.0-1ubuntu3.1"},{"binary_name":"budgie-workspace-wallpaper-applet","binary_version":"1.4.0-1ubuntu3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6556-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2023-49342","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-49343","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-49344","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-49345","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-49346","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-49347","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}