exploitDog

CVE-2021-39748

Опубликовано: 30 мар. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203777141

Ссылки

https://source.android.com/security/bulletin/android-12l
Vendor Advisory
https://source.android.com/security/bulletin/android-12l
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00015

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-85j3-j66q-c47r

CVSS3: 5.5

github

почти 4 года назад

In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203777141

EPSS

Процентиль: 3%

0.00015

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-276