ghsa-hxx7-8jpf-2vg3
Vulnerability from github
Published
2023-03-24 21:30
Modified
2023-03-28 21:30
Severity
Details
In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210
{ "affected": [], "aliases": [ "CVE-2023-20962" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-24T20:15:00Z", "severity": "MODERATE" }, "details": "In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210", "id": "GHSA-hxx7-8jpf-2vg3", "modified": "2023-03-28T21:30:21Z", "published": "2023-03-24T21:30:50Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20962" }, { "type": "WEB", "url": "https://source.android.com/security/bulletin/2023-03-01" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
Loading...