Lucene search

MitreCVE-2023-29722

HistoryJun 01, 2023 - 9:15 p.m.

CVE-2023-29722

2023-06-0121:15:09

mitre

web.nvd.nist.gov

cve-2023

glitter unicorn wallpaper

android

unauthorized apps

permission

data modification

database

personal preferences

memory

app security

escalation of privilege

nvd

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user’s personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.

Affected configurations

Nvd

Node

glitter_unicorn_wallpaper_projectglitter_unicorn_wallpaperRange7.0–8.0android

VendorProductVersionCPE
glitter_unicorn_wallpaper_projectglitter_unicorn_wallpaper*cpe:2.3:a:glitter_unicorn_wallpaper_project:glitter_unicorn_wallpaper:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
glitter_unicorn_wallpaper_project	glitter_unicorn_wallpaper	*	cpe:2.3:a:glitter_unicorn_wallpaper_project:glitter_unicorn_wallpaper::::::android::*

References

github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29722/CVE%20detail.md

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Related for CVE-2023-29722