Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data…
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
https://cwe.mitre.org/data/definitions/377.html →Open in CWE collection →An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
https://capec.mitre.org/data/definitions/149.html →Open in CAPEC collection →An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.
https://capec.mitre.org/data/definitions/155.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie-extras | Tracked | |
| budgie_extras | * | Tracked |