PT-2023-5399 · Xfce+1

Matthias Gerstner · Published 2023-08-14 · Updated 2023-09-22 · CVE-2023-32184

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

opensuse-welcome versions 0.1 through 0.1.9+git.35.4b9444a

Description

A local attacker can execute code as the user that runs opensuse-welcome if a custom layout is chosen, due to an Insecure Storage of Sensitive Information vulnerability. This issue is related to the handling of temporary files when selecting a custom layout, specifically for the Xfce graphical environment.

Recommendations

For opensuse-welcome versions 0.1 through 0.1.9+git.35.4b9444a, update to a version newer than 0.1.9+git.35.4b9444a to resolve the issue. As a temporary workaround, consider avoiding the selection of custom layouts, especially for the Xfce graphical environment, until a patch is available. Restrict access to the opensuse-welcome application to minimize the risk of exploitation.

Weakness Enumeration

Insecure Storage of Sensitive Information

Related Identifiers

BDU:2023-06029
CVE-2023-32184
OPENSUSE-SU-2023:0219-1
OPENSUSE-SU-2023:0230-1
OPENSUSE-SU-2024:13126-1

Affected Products

Xfce
Opensuse-Welcome