Lucene search
GoogleOSV:ASB-A-262243665HistoryJun 01, 2023 - 12:00 a.m.
[ADP Grant] Guest user can see the trace logs recorded by Admin user by MainActivity
2023-06-0100:00:00
Google
osv.dev
guest user
trace logs
mainactivity
permissions bypass
local information disclosure
user interaction not needed
software
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Related
cnvd
cnvd
Google Android Information Disclosure Vulnerability (CNVD-2023-50827)
2023-06-18 00:00:00
cve
cve
CVE-2023-21142
2023-06-15 19:15:10
nvd
nvd
CVE-2023-21142
2023-06-15 19:15:10
prion
prion
Information disclosure
2023-06-15 19:15:00
cvelist
cvelist
CVE-2023-21142
2023-06-15 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
Related for OSV:ASB-A-262243665