CVE-2023-44124

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

History

02 Oct 2023, 18:22

Type Values Removed Values Added
CWE CWE-668
First Time Google android
Lg v60 Thin Q 5g
Google
Lg
References (MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - (MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3
CPE cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

27 Sep 2023, 15:19

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-02-28 20:33


NVD link : CVE-2023-44124

Mitre link : CVE-2023-44124

CVE.ORG link : CVE-2023-44124


JSON object : View

Products Affected

lg

  • v60_thin_q_5g

google

  • android
CWE
CWE-668

Exposure of Resource to Wrong Sphere

CWE-927

Use of Implicit Intent for Sensitive Communication