GSD-2023-21283 — Vulnetix

GSD-2023-21283 PUBLISHED

In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Products

Vendor	Product	Versions
Google	Android	13, 11, 12

Timeline

Nov 28, 2020 CVE Published

References

https://android.googlesource.com/platform/packages/services/Telecomm/+/9b41a963f352fdb3da1da8c633d45280badfcb24 url
https://android.googlesource.com/platform/frameworks/base/+/e17fd149c0a2bf6cce56ebfae3fa5364fead22cc url
https://source.android.com/security/bulletin/2023-08-01 url

Open in Interactive Console →