CVE-2023-21104

2023-05-1500:00:00

google_android

www.cve.org

windoworganizer.java

android-12l

android-13

local information disclosure

missing permission check

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android-12L Android-13",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2023-05-01