exploitDog

GHSA-9m64-9g8r-6vh6

Опубликовано: 28 дек. 2021

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.

Ссылки

EPSS

Процентиль: 38%

0.00164

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-732

Связанные уязвимости

CVE-2021-23244

CVSS3: 7.8

nvd

около 4 лет назад

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.

EPSS

Процентиль: 38%

0.00164

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-732