Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-hqp2-fj68-65cq

Опубликовано: 17 мая 2022
Источник: github
Github: Не прошло ревью

Описание

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

Ссылки

EPSS

Процентиль: 18%
0.00059
Низкий

CVE ID

CVE-2015-1541

Дефекты

CWE-284

Связанные уязвимости

ubuntu логотип

CVE-2015-1541

ubuntu
больше 10 лет назад

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

nvd логотип

CVE-2015-1541

nvd
больше 10 лет назад

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

fstec логотип

BDU:2015-11572

fstec
больше 10 лет назад

Уязвимость операционной системы Android, позволяющая нарушителю обойти существующие ограничения доступа

EPSS

Процентиль: 18%
0.00059
Низкий

CVE ID

CVE-2015-1541

Дефекты

CWE-284