exploitDog

CVE-2020-0486

Опубликовано: 15 дек. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116

Ссылки

https://source.android.com/security/bulletin/pixel/2020-12-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2020-12-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00012

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-w7qc-fcjr-rrg9

github

больше 3 лет назад

In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116

EPSS

Процентиль: 1%

0.00012

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-276