Lucene search

[email protected]CVE-2015-1541

HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-1541

2015-10-0100:59:08

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-1541

appwidgetserviceimpl

android

settings application

uri permission

intent

flag_grant_read_uri_permission

flag_grant_write_uri_permission

bug 19618745

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

32.8%

JSON

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

Affected configurations

NVD

Node

googleandroidRange≤5.1

VendorProductVersionCPE
googleandroidcpe:/o:google:android::::

Vendor	Product	Version	CPE
google	android		cpe:/o:google:android::::

References

android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07

groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

32.8%

JSON

Related for CVE-2015-1541

ubuntucve1 prion1 nvd1 cvelist1 androidsecurity1