exploitDog

CVE-2009-1754

Опубликовано: 26 мая 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.0019

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-cvpc-5hfr-wxhv

github

почти 4 года назад

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.

EPSS

Процентиль: 41%

0.0019

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-287