exploitDog

CVE-2023-20959

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848

Ссылки

https://source.android.com/security/bulletin/2023-03-01
Vendor Advisory
https://source.android.com/security/bulletin/2023-03-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-78q9-q3h9-qcp9

CVSS3: 7.8

github

почти 3 года назад

In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

CWE-862

CWE-862