In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2023-01-01 | Vendor Advisory |
https://source.android.com/security/bulletin/2023-01-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://source.android.com/security/bulletin/2023-01-01 - Vendor Advisory |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1284 |
Information
Published : 2023-01-26 21:15
Updated : 2024-11-21 06:42
NVD link : CVE-2022-20493
Mitre link : CVE-2022-20493
CVE.ORG link : CVE-2022-20493
JSON object : View
Products Affected
- android
CWE
CWE-1284
Improper Validation of Specified Quantity in Input