In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2023-02-01 | Patch Vendor Advisory |
https://source.android.com/security/bulletin/2023-02-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://source.android.com/security/bulletin/2023-02-01 - Patch, Vendor Advisory |
Information
Published : 2023-02-28 17:15
Updated : 2024-11-21 07:41
NVD link : CVE-2023-20932
Mitre link : CVE-2023-20932
CVE.ORG link : CVE-2023-20932
JSON object : View
Products Affected
- android
CWE
CWE-20
Improper Input Validation