Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistGoogle_androidCVELIST:CVE-2023-20976
HistoryMar 24, 2023 - 12:00 a.m.

CVE-2023-20976

2023-03-2400:00:00
google_android
www.cve.org
6
getconfirmationmessage
mislead user
default autofill application
local privilege escalation
android-13

EPSS

0

Percentile

5.1%

JSON

In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216117246

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android-13",
        "status": "affected"
      }
    ]
  }
]

Related

nvd 1
prion 1
cve 1
nvd
nvd
CVE-2023-20976
2023-03-24 20:15:11
prion
prion
Input validation
2023-03-24 20:15:00
cve
cve
CVE-2023-20976
2023-03-24 20:15:11

EPSS

0

Percentile

5.1%

JSON
Related for CVELIST:CVE-2023-20976
nvd1prion1cve1