In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4 | Patch |
https://source.android.com/security/bulletin/2023-08-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Aug 2023, 15:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4 - Patch | |
References | (MISC) https://source.android.com/security/bulletin/2023-08-01 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:* cpe:2.3:o:google:android:13.1:-:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-295 | |
First Time |
Google
Google android |
14 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 21:15
Updated : 2024-10-09 19:35
NVD link : CVE-2023-21265
Mitre link : CVE-2023-21265
CVE.ORG link : CVE-2023-21265
JSON object : View
Products Affected
- android
CWE
CWE-295
Improper Certificate Validation