exploitDog

CVE-2022-20266

Опубликовано: 12 авг. 2022

Источник: nvd

CVSS3: 5

EPSS Низкий

Описание

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-211757348

Ссылки

https://source.android.com/security/bulletin/android-13
Vendor Advisory
https://source.android.com/security/bulletin/android-13
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00018

Низкий

5 Medium

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-jc7q-x9r6-vfvf

CVSS3: 5

github

больше 3 лет назад

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-211757348

EPSS

Процентиль: 4%

0.00018

Низкий

5 Medium

CVSS3

Дефекты

CWE-20