3 matches found
CVE-2023-40089
In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2023-40089
In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2023-40089
CVE-2023-40089 concerns Android’s DevicePolicyManagerService.java, where getCredentialManagerPolicy can let a user select credential providers without proper permission checks. This enables local elevation of privilege with no extra execution privileges and no user interaction required. The Andro...