CVE-2023-21246

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

History

06 Nov 2024, 18:35

Type Values Removed Values Added
CWE CWE-273

25 Jul 2023, 16:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3
First Time Google
Google android
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
CWE CWE-754
References (MISC) https://source.android.com/security/bulletin/2023-07-01 - (MISC) https://source.android.com/security/bulletin/2023-07-01 - Patch, Vendor Advisory
References (MISC) https://android.googlesource.com/platform/frameworks/base/+/fc1b9998ca8a9fceba47d67fd9ea9b45705b53e0 - (MISC) https://android.googlesource.com/platform/frameworks/base/+/fc1b9998ca8a9fceba47d67fd9ea9b45705b53e0 - Patch

13 Jul 2023, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-13 00:15

Updated : 2024-11-06 18:35


NVD link : CVE-2023-21246

Mitre link : CVE-2023-21246

CVE.ORG link : CVE-2023-21246


JSON object : View

Products Affected

google

  • android
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-273

Improper Check for Dropped Privileges