Lucene search

Google_androidCVE-2023-21104

HistoryMay 15, 2023 - 10:15 p.m.

CVE-2023-21104

2023-05-1522:15:11

CWE-276

google_android

web.nvd.nist.gov

cve-2023-21104

android

information disclosure

security

nvd

windoworganizer

java

permission check

android-12l

android-13

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771

Affected configurations

Nvd

Vulners

Node

googleandroidMatch12.1

googleandroidMatch13.0

VendorProductVersionCPE
googleandroid12.1cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
googleandroid13.0cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	12.1	cpe:2.3:o:google:android:12.1:::::::*
google	android	13.0	cpe:2.3:o:google:android:13.0:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android-12L Android-13",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2023-05-01

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-21104