exploitDog

CVE-2022-20493

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316

Ссылки

https://source.android.com/security/bulletin/2023-01-01
Vendor Advisory
https://source.android.com/security/bulletin/2023-01-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3

Дефекты

CWE-1284

CWE-1284

Связанные уязвимости

GHSA-qf97-64qx-gqhq

CVSS3: 7.8

github

около 3 лет назад

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3

Дефекты

CWE-1284

CWE-1284