5 matches found
CVE-2022-2390
Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...
CVE-2022-2390 Mutable pending intent in Google Play services SDK
Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...
CVE-2022-2390
CVE-2022-2390 affects the Google Play Services SDK. The issue stems from the mutability flag on PendingIntents passed to the Notification service, present in SDKs prior to version 18.0.2. This misconfiguration can allow an attacker to access all non-exported providers and/or other providers for w...
Design/Logic Flaw
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding opt parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scop...
CVE-2014-7922
CVE-2014-7922 involves the GoogleAuthUtil.getToken method in the Google Play services SDK prior to 2015. The vulnerability arises when the code sets parameters in OAuth token requests after detecting a corresponding opt parameter in the Bundle extras argument, enabling a crafted application to by...