VDB

GSD-2023-20959

GSD-2023-20959 PUBLISHED CVSS 7.800000190734863 HIGH

In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
n/aAndroidAndroid-13

Timeline

  • Jul 18, 2022 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›