Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-8913
HistoryAug 12, 2020 - 7:15 a.m.

CVE-2020-8913

2020-08-1207:15:11
CWE-281
CWE-22
[email protected]
web.nvd.nist.gov
10
android
play core
code execution
directory traversal
data access

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android’s Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application’s data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.

Affected configurations

Nvd
Node
androidplay_core_libraryRange<1.7.2
VendorProductVersionCPE
androidplay_core_library*cpe:2.3:a:android:play_core_library:*:*:*:*:*:*:*:*

Related

prion 1
hackerone 1
cve 1
threatpost 5
cvelist 1
kitploit 1
thn 1
prion
prion
Directory traversal
2020-08-12 07:15:00
hackerone
hackerone
Google: CVE-2020-8913 - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC
2020-02-27 16:24:29
cve
cve
CVE-2020-8913
2020-08-12 07:15:11
threatpost
threatpost
Google Play Apps Remain Vulnerable to High-Severity Flaw
2020-12-03 11:00:10
iPhone Bug Allowed for Complete Device Takeover Over the Air
2020-12-02 13:52:19
Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets
2020-12-08 22:52:24
cvelist
cvelist
CVE-2020-8913 Local arbitrary code execution in splitinstall in Android's Play Core
2020-08-12 07:10:12
kitploit
kitploit
Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters
2020-10-28 20:30:00
thn
thn
Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking
2020-12-03 10:59:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON
Related for NVD:CVE-2020-8913
prion1hackerone1cve1threatpost5cvelist1kitploit1thn1