In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4 - Patch | |
References | () https://source.android.com/security/bulletin/2023-08-01 - Patch, Vendor Advisory |
24 Aug 2023, 15:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4 - Patch | |
References | (MISC) https://source.android.com/security/bulletin/2023-08-01 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:* cpe:2.3:o:google:android:13.1:-:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-295 | |
First Time |
Google
Google android |
14 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 21:15
Updated : 2024-11-21 07:42
NVD link : CVE-2023-21265
Mitre link : CVE-2023-21265
CVE.ORG link : CVE-2023-21265
JSON object : View
Products Affected
- android
CWE
CWE-295
Improper Certificate Validation