github - ghsa-jxrh-69wr-rj95

ghsa-jxrh-69wr-rj95

Vulnerability from github

Published

2024-07-09 21:30

Modified

2024-07-09 21:30

Details

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31312"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T21:15:12Z",
    "severity": null
  },
  "details": "In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-jxrh-69wr-rj95",
  "modified": "2024-07-09T21:30:38Z",
  "published": "2024-07-09T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31312"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/748055291460bcaafa3e53c7da1601a687959477"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2024-31312

Vulnerability from cvelistv5

Published

2024-07-09 20:09

Modified

2024-08-02 01:52

Severity

Summary

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.

References

URL	Tags
https://android.googlesource.com/platform/frameworks/base/+/748055291460bcaafa3e53c7da1601a687959477
https://source.android.com/security/bulletin/2024-06-01

Impacted products

Vendor	Product
Google	Android

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31312",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T13:48:41.273019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T13:48:51.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:56.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://android.googlesource.com/platform/frameworks/base/+/748055291460bcaafa3e53c7da1601a687959477"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2024-06-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Android",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "13"
            },
            {
              "status": "affected",
              "version": "12L"
            },
            {
              "status": "affected",
              "version": "12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T20:09:15.484Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "url": "https://android.googlesource.com/platform/frameworks/base/+/748055291460bcaafa3e53c7da1601a687959477"
        },
        {
          "url": "https://source.android.com/security/bulletin/2024-06-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2024-31312",
    "datePublished": "2024-07-09T20:09:15.484Z",
    "dateReserved": "2024-03-29T20:11:33.058Z",
    "dateUpdated": "2024-08-02T01:52:56.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.