Lucene search

[email protected]NVD:CVE-2023-21265

HistoryAug 14, 2023 - 9:15 p.m.

CVE-2023-21265

2023-08-1421:15:12

CWE-295

[email protected]

web.nvd.nist.gov

root ca certificates

remote information disclosure

user interaction

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

48.8%

JSON

In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

Nvd

Node

googleandroidMatch11.0-

googleandroidMatch12.0-

googleandroidMatch13.0-

googleandroidMatch13.1-

VendorProductVersionCPE
googleandroid11.0cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*
googleandroid12.0cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*
googleandroid13.0cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*
googleandroid13.1cpe:2.3:o:google:android:13.1:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	11.0	cpe:2.3:o:google:android:11.0:-::::::
google	android	12.0	cpe:2.3:o:google:android:12.0:-::::::
google	android	13.0	cpe:2.3:o:google:android:13.0:-::::::
google	android	13.1	cpe:2.3:o:google:android:13.1:-::::::

References

android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4

source.android.com/security/bulletin/2023-08-01

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

48.8%

JSON

Related for NVD:CVE-2023-21265

prion1 osv1 cve1 cvelist1