Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-j67w-4gh2-w3jq

Опубликовано: 22 янв. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 7.8

Описание

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Ссылки

EPSS

Процентиль: 0%
0.00007
Низкий

7.8 High

CVSS3

CVE ID

CVE-2023-40132

Дефекты

CWE-276
CWE-863

Связанные уязвимости

nvd логотип

CVE-2023-40132

CVSS3: 7.8
nvd
около 1 года назад

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

fstec логотип

BDU:2025-00235

CVSS3: 7.4
fstec
около 1 года назад

Уязвимость компонента Media Framework операционной системы Android, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 0%
0.00007
Низкий

7.8 High

CVSS3

CVE ID

CVE-2023-40132

Дефекты

CWE-276
CWE-863