exploitDog

CVE-2022-20458

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776

Ссылки

https://source.android.com/security/bulletin/aaos/2023-01-01
Vendor Advisory
https://source.android.com/security/bulletin/aaos/2023-01-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00044

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-532

CWE-532

Связанные уязвимости

GHSA-m5r4-qhx5-2g4c

CVSS3: 5.5

github

около 3 лет назад

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776

EPSS

Процентиль: 13%

0.00044

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-532

CWE-532