Lucene search

UnisocVULNRICHMENT:CVE-2023-42749

HistoryDec 04, 2023 - 12:54 a.m.

CVE-2023-42749

2023-12-0400:54:24

Unisoc

github.com

enginnermode

permission usage

local information disclosure

missing permission check

cve-2023-42749

AI Score

6.4

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

References

www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049