2 matches found
CVE-2022-20303
In ContentService, there is a possible way to determine if an account is on the device without GETACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20303
CVE-2022-20303 (Android 13) in ContentService: a missing permission check allows an account-detection information disclosure without GET_ACCOUNTS permission. Local attacker with low privileges and no user interaction can reveal whether an account exists on the device. Mitigation is included in An...