GSD-2023-21288 — Vulnetix

GSD-2023-21288 PUBLISHED

In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
Google	Android	13, 12L, 11

Timeline

Nov 28, 2020 CVE Published

References

https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c url
https://source.android.com/security/bulletin/2023-08-01 url

Open in Interactive Console →