exploitDog

GHSA-8v94-2432-xc77

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Ссылки

EPSS

Процентиль: 11%

0.00037

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2021-25373

CVSS3: 5.5

nvd

почти 5 лет назад

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

EPSS

Процентиль: 11%

0.00037

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-863