5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
In bindSelection of DatabaseUtils.java, there is a possible way to access
files from other applications due to SQL injection. This could lead to
local information disclosure with no additional execution privileges
needed. User interaction is not needed for exploitation.
android.googlesource.com/platform/packages/providers/MediaProvider/+/23d156ed1bed6d2c2b325f0be540d0afca510c49
launchpad.net/bugs/cve/CVE-2023-35683
nvd.nist.gov/vuln/detail/CVE-2023-35683
security-tracker.debian.org/tracker/CVE-2023-35683
source.android.com/security/bulletin/2023-09-01
www.cve.org/CVERecord?id=CVE-2023-35683