ghsa-ch2w-f7c7-mm84
Vulnerability from github
Published
2023-06-28 18:30
Modified
2024-04-04 05:15
Severity
Details
In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653
{ "affected": [], "aliases": [ "CVE-2023-21192" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-06-28T18:15:15Z", "severity": "HIGH" }, "details": "In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653", "id": "GHSA-ch2w-f7c7-mm84", "modified": "2024-04-04T05:15:22Z", "published": "2023-06-28T18:30:26Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21192" }, { "type": "WEB", "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading...