Lucene search

[email protected]NVD:CVE-2023-21260

HistoryJul 13, 2023 - 1:15 a.m.

CVE-2023-21260

2023-07-1301:15:08

CWE-346

[email protected]

web.nvd.nist.gov

notification

permission

overflow

misleading

user confirmation

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

Percentile

15.5%

JSON

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

Affected configurations

Nvd

Node

googleandroidMatch10.0

googleandroidMatch11.0

googleandroidMatch12.1

googleandroidMatch13.0

VendorProductVersionCPE
googleandroid10.0cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
googleandroid11.0cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
googleandroid12.1cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
googleandroid13.0cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	10.0	cpe:2.3:o:google:android:10.0:::::::*
google	android	11.0	cpe:2.3:o:google:android:11.0:::::::*
google	android	12.1	cpe:2.3:o:google:android:12.1:::::::*
google	android	13.0	cpe:2.3:o:google:android:13.0:::::::*

References

source.android.com/security/bulletin/aaos/2023-07-01

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2023-21260

prion1 cvelist1 cve1