CVE-2023-21456
Vulnerability from cvelistv5
Published
2023-03-16 00:00
Modified
2024-08-02 09:36
Severity ?
Summary
Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:36:34.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR Mar-2023 Release 1",
              "status": "affected",
              "version": "Android 11, 12, 13",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-16T00:00:00",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2023-21456",
    "datePublished": "2023-03-16T00:00:00",
    "dateReserved": "2022-11-14T00:00:00",
    "dateUpdated": "2024-08-02T09:36:34.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-21456\",\"sourceIdentifier\":\"mobile.security@samsung.com\",\"published\":\"2023-03-16T21:15:12.050\",\"lastModified\":\"2023-03-23T02:03:51.127\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":2.5,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA3806E2-A780-4BB5-B4DC-D015D841E4C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D2D0083-0A85-47F7-A42D-2040A3BEC132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0332BF16-0F1F-4733-ABCE-A1EA1366A5D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3658A42-BCA9-4188-8B36-3C6599BBF83C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0E55E09-C2C9-43D1-8A1A-6D02F544E34A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C26195A5-31BE-4116-8F31-9F25BE57AB52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C6114C5-C175-45E7-821E-6BA218F923DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"58BA232B-8D39-473A-91D0-D3AC03FDE8FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B42CE0-67DE-4611-8D70-DEEC975E32BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF2EADA0-5976-4711-A7A5-61594F3E2FEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B59145B-5506-477C-8F9C-ABB0CE2CF631\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC082E25-1B7D-473D-A066-1463E6321CD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"655BEA94-9A83-4A56-8DDE-79ADC821C707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B088DE9-31F1-4737-8BC8-CC406F208ACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"899F6BD2-47AF-4ADA-935D-90AB069E9BA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2592B14-B3B7-4C85-88E8-5E12F6F50ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40A783AA-91E7-426B-8A78-4EBE5D69A602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA51F5D5-D18D-426C-B09F-EE12CE11E9FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"53968A3C-6E71-42B8-8671-6730D8C85603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C946853-D56D-457C-A1CB-AD1A5BD56C41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B35EB1D3-2F29-4A5C-AC9A-6ED72A2E22D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD8E899-427B-47D2-9168-446B0249868F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E923AF0F-34BA-40FE-AA20-B01366263B97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"78B14D1F-C536-4816-A076-B074E41EB0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF2D00F4-B521-4D8F-84F8-DCE45B6349A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"548BCC15-C6D8-4AE7-B167-4DD74382097B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C2B6E53-CC07-4590-ADFA-CEF7DB0F4EB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D757450C-270E-4FB2-A50C-7F769FED558A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC4A2EBA-038B-44D5-84F3-FF326CD1C62D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ABFBBDB-E935-4C54-865A-0E607497DA87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3899E3E7-1284-4223-A258-DA691F5D62FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECD961EA-6881-4A14-83DE-C6972F6F681C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"011CC4F5-6701-41E9-BC7D-CFE6EFF682AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"13E145E2-CE11-4EE5-9085-B4960FE4F52F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35F40D59-034B-44FB-8DCD-D469B50DE7E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC3F8572-578B-4D19-9453-1D03DA55EF70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9137C66C-4966-4C90-ABE9-7E22F7E29BA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"18CD523B-530E-4187-8BFF-729CDAC69282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A81C86D-F1FE-4166-8F37-D7170E6B30FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3D80783-523A-455E-B1AD-0961086F79E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"89BE2958-0BEE-4CFD-A0BA-494DE62E7F32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0329C50-B904-480D-8EBB-F2757049FC81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"299284DA-85AB-4162-B858-E67E5C6C14F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D98F307E-3B01-4C17-86E5-1C6299919417\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D7DA96D-9C25-4DDA-A6BF-D998AC346B89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2B24866-2B3A-4A1A-8B75-EF7A7541797A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB29F18-A929-432B-B20C-365401E6CA12\"}]}]}],\"references\":[{\"url\":\"https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=03\",\"source\":\"mobile.security@samsung.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.